RUCHI GUPTA
October 04, 2010
Ruchi Gupta
Ruchi Gupta
S Sharma (DG, UIDAI) in his article “Identity and the UIDAI: A Response” (EPW, Aug 28, 2010) claims that Usha Ramanathan’s article “A Unique Identity Bill” (EPW, July 24, 2010) reflects some “fundamental misunderstandings on the objectives of the UIDAI, the features of the identity number and the impact it will have on privacy”. In his rebuttal, he makes four broad points:
UIDAI has been deeply consultative and transparent, having “undertaken a wide range of consultations […] [with] economists who have worked on welfare design, civil society activists and scholars, academics, law experts as well as biometric experts […][and] with several stakeholders at various levels across the country”;
Data convergence is not unique to the UID project, “The UID database is not what makes convergence of information possible – this is fully possible, even today, without Aadhaar” and concerns of this nature will be addressed through the personal data protection framework being developed by the DoPT;
UIDAI has been deeply consultative and transparent, having “undertaken a wide range of consultations […] [with] economists who have worked on welfare design, civil society activists and scholars, academics, law experts as well as biometric experts […][and] with several stakeholders at various levels across the country”;
Data convergence is not unique to the UID project, “The UID database is not what makes convergence of information possible – this is fully possible, even today, without Aadhaar” and concerns of this nature will be addressed through the personal data protection framework being developed by the DoPT;
UIDAI is not a part of the national security focus of the GoI, “suggestion of links to the NATGRID/DNA data banks is pure conjecture, meant to create apprehensions on the UIDAI project”;
Profiling, tracking and surveillance are not possible and/or supported in the UID system
A review of some facts – the reader may come to own conclusions.
Consultative and Transparent?
“Consultation” must feed into the project design and scope if it is to be meaningful and not just a PR exercise. However UIDAI was ready with its approach and design document in less than three months (leaked[i] in November 2009) after Mr. Nilekani joined as Chairman and first employee[ii] in July 2009. Further despite widespread dissent and without addressing any concerns, the Authority has solidified project details by releasing tenders and signing MoUs with virtually all the important players such as state governments, rural development and petroleum ministries, LIC, state banks etc. This unilateralism was most evident in the way UID was linked to NREGA through an MoU with the Rural Development ministry without consulting the CEGC[iii], the statutory body to oversee NREGA’s implementation.
A consultative approach also mandates an inclusive engagement process, which allows all interested stakeholders to participate (each resident is a stakeholder in the UID project). Finally the proceedings of consultations must be detailed and publicly accessible to ensure that diversity of opinions and transparency of motives of involved parties are reflected. All of this irrespective of tedium must be adhered to especially for a project that mandatesuniversal inclusion.
The actual approach by UIDAI meets none of the above criteria: despite multiple explicit demands, open public meetings were summarily rejected. Proceedings of “consultation with stakeholders” (ministries, state governments, banks, industry representatives etc) are not available. Some of these consultations[iv] are with organizations (SVP National Police Academy, NASSCOM, Forward Markets Commission, venture capitalists etc) whose connection to the stated purpose of efficient and transparent delivery of state services is not apparent.
Only proceedings of “civil society organization” meetings are available, which have been summarily and/or misleadingly transcribed. For instance, in the Shimla-IIAS consultation[v], dissent is reduced to “The two sides of the debate were ably represented, with Prof. Sanjay Palshikar, Prof. Zoya Hasan, and Dr. Ramakumar presenting a civil liberties perspective”. One wonders if it’s a Freudian slip that CSO consultations have been split from “meetings with stakeholders”, given that the vehement objections of the former have not affected the project design or the Authority’s functioning at all.
A last word on transparency: Public estimates of the project cost range widely between Rs. 70,000 crores to Rs. 150,000 crores. The Authority has not made its budget public despite having functioned for almost two years and having received two budget allocations. This is especially ironic since the Authority derives justification in part by promising to save the exchequer money by eliminating leakages but resists a simple cost-benefit analysis by giving its own price tag.
National Identification Authority of India Bill
Many provisions of the draft NIA Bill are antithetical to civil society’s concerns, and their inclusion here can only amount to complete disregard for civil society consultations. First, the overall bill is aimed at achieving statutory status for the Authority not its regulation, thereby containing no details of implementation (summarily covered by the phrase, “as may be specified by regulations”). Irrelevant to the stated purpose of improving delivery of welfare services, the Authority plans to store transaction records (Clause 32(1)) to disclose for “national security” (Clause 33(b)) thus reinforcing concerns of state surveillance. Equally egregiously, the Authority seeks to reserve sole locus standing to move court (Clause 46) in a bid to evade accountability.
Having drafted a contentious bill, the Authority provided only a short two-week window for public feedback, which in spite of multiple demands, it has not made public (leaving individual groups to make their comments accessible in a scattered manner). Further in direct contravention to the process of public feedback, the draft Bill was listed for introduction in the Lok Sabha 2010 monsoon session.
Data Convergence, Privacy and State Surveillance
UIDAI has oft argued that data convergence is possible even without the UID project and thus responsibility for protection against it is not its problem. RS Sharma claims that “mobile numbers, PAN card numbers and passport numbers can all be used to profile, identify and converge data on individuals by agencies”. UIDAI contradicts itself – its biggest self-proclaimed USP is the ability to de-duplicate databases to ensure that there is only one of each person in the database. The very elimination of these vast numbers of duplicates is supposed to lead to tens of thousands of crores in savings. It stands to reason then that any convergence of this duplicate-infested erroneous data will be both highly problematic (given the inability to do reliable one-to-one matching) and will yield bad data. Plus no other number is linked to biometrics or envisioned for use across all major transactions of the individual’s life as UID numbers are. Thus what is game changing for efficient delivery of government services will also be game changing for other more intrusive purposes.
Furthermore the individual data protection framework in the works by DoPT does not address civil liberties concerns. By focusing on individual privacy and explicitly taking the state out of the picture on pretext of national security (as with the amended Information Technology Act 2008, defense and intelligence agencies’ exemptions from the RTI Act etc), no checks or regulation will be applied on state power at all (the predominant cause of concern against UID facilitated data convergence). In fact this focus on individual privacy is the perfect foil to dilute the RTI Act and evade accountability of public officials.
Regarding the assertion that the UID project is not part of the national security focus of the GoI, there are many unanswered questions, some of which include:
If the purpose of UID is wholly and solely to deliver government services efficiently and transparently, then why is “national security” part of the legislation? Does any legislation related to these individual welfare schemes (NREGA, PDS, RTE, NRHN etc) contain a similar “national security” provision? Then why should legislation for an Authority restricted solely to these schemes worry about national security since it seems unlikely that a cross border combatant will want to pilfer some low quality subsidized grain
A review of some facts – the reader may come to own conclusions.
Consultative and Transparent?
“Consultation” must feed into the project design and scope if it is to be meaningful and not just a PR exercise. However UIDAI was ready with its approach and design document in less than three months (leaked[i] in November 2009) after Mr. Nilekani joined as Chairman and first employee[ii] in July 2009. Further despite widespread dissent and without addressing any concerns, the Authority has solidified project details by releasing tenders and signing MoUs with virtually all the important players such as state governments, rural development and petroleum ministries, LIC, state banks etc. This unilateralism was most evident in the way UID was linked to NREGA through an MoU with the Rural Development ministry without consulting the CEGC[iii], the statutory body to oversee NREGA’s implementation.
A consultative approach also mandates an inclusive engagement process, which allows all interested stakeholders to participate (each resident is a stakeholder in the UID project). Finally the proceedings of consultations must be detailed and publicly accessible to ensure that diversity of opinions and transparency of motives of involved parties are reflected. All of this irrespective of tedium must be adhered to especially for a project that mandatesuniversal inclusion.
The actual approach by UIDAI meets none of the above criteria: despite multiple explicit demands, open public meetings were summarily rejected. Proceedings of “consultation with stakeholders” (ministries, state governments, banks, industry representatives etc) are not available. Some of these consultations[iv] are with organizations (SVP National Police Academy, NASSCOM, Forward Markets Commission, venture capitalists etc) whose connection to the stated purpose of efficient and transparent delivery of state services is not apparent.
Only proceedings of “civil society organization” meetings are available, which have been summarily and/or misleadingly transcribed. For instance, in the Shimla-IIAS consultation[v], dissent is reduced to “The two sides of the debate were ably represented, with Prof. Sanjay Palshikar, Prof. Zoya Hasan, and Dr. Ramakumar presenting a civil liberties perspective”. One wonders if it’s a Freudian slip that CSO consultations have been split from “meetings with stakeholders”, given that the vehement objections of the former have not affected the project design or the Authority’s functioning at all.
A last word on transparency: Public estimates of the project cost range widely between Rs. 70,000 crores to Rs. 150,000 crores. The Authority has not made its budget public despite having functioned for almost two years and having received two budget allocations. This is especially ironic since the Authority derives justification in part by promising to save the exchequer money by eliminating leakages but resists a simple cost-benefit analysis by giving its own price tag.
National Identification Authority of India Bill
Many provisions of the draft NIA Bill are antithetical to civil society’s concerns, and their inclusion here can only amount to complete disregard for civil society consultations. First, the overall bill is aimed at achieving statutory status for the Authority not its regulation, thereby containing no details of implementation (summarily covered by the phrase, “as may be specified by regulations”). Irrelevant to the stated purpose of improving delivery of welfare services, the Authority plans to store transaction records (Clause 32(1)) to disclose for “national security” (Clause 33(b)) thus reinforcing concerns of state surveillance. Equally egregiously, the Authority seeks to reserve sole locus standing to move court (Clause 46) in a bid to evade accountability.
Having drafted a contentious bill, the Authority provided only a short two-week window for public feedback, which in spite of multiple demands, it has not made public (leaving individual groups to make their comments accessible in a scattered manner). Further in direct contravention to the process of public feedback, the draft Bill was listed for introduction in the Lok Sabha 2010 monsoon session.
Data Convergence, Privacy and State Surveillance
UIDAI has oft argued that data convergence is possible even without the UID project and thus responsibility for protection against it is not its problem. RS Sharma claims that “mobile numbers, PAN card numbers and passport numbers can all be used to profile, identify and converge data on individuals by agencies”. UIDAI contradicts itself – its biggest self-proclaimed USP is the ability to de-duplicate databases to ensure that there is only one of each person in the database. The very elimination of these vast numbers of duplicates is supposed to lead to tens of thousands of crores in savings. It stands to reason then that any convergence of this duplicate-infested erroneous data will be both highly problematic (given the inability to do reliable one-to-one matching) and will yield bad data. Plus no other number is linked to biometrics or envisioned for use across all major transactions of the individual’s life as UID numbers are. Thus what is game changing for efficient delivery of government services will also be game changing for other more intrusive purposes.
Furthermore the individual data protection framework in the works by DoPT does not address civil liberties concerns. By focusing on individual privacy and explicitly taking the state out of the picture on pretext of national security (as with the amended Information Technology Act 2008, defense and intelligence agencies’ exemptions from the RTI Act etc), no checks or regulation will be applied on state power at all (the predominant cause of concern against UID facilitated data convergence). In fact this focus on individual privacy is the perfect foil to dilute the RTI Act and evade accountability of public officials.
Regarding the assertion that the UID project is not part of the national security focus of the GoI, there are many unanswered questions, some of which include:
If the purpose of UID is wholly and solely to deliver government services efficiently and transparently, then why is “national security” part of the legislation? Does any legislation related to these individual welfare schemes (NREGA, PDS, RTE, NRHN etc) contain a similar “national security” provision? Then why should legislation for an Authority restricted solely to these schemes worry about national security since it seems unlikely that a cross border combatant will want to pilfer some low quality subsidized grain
Why is the Home Ministry installing fingerprint readers in all the police stations of the country under the Automated Finger Print Identification Systems[vi] (AFIS) project?
Finally, for a project whose benefits are premised on removing duplicates and “convergence” of social sector schemes, it appears counter-intuitive that overlapping and synergistic projects like UID and NATGRID (cross-linked government databases) will be independently duplicated instead of “converged”.
RS Sharma claims that the Authority clearly restricts the collection of any data that could be used to profile individuals/communities; however data convergence will render such provisions irrelevant. Further storing “details of every request for authentication of the identity of every aadhaar number holder and the response provided thereon by it in such manner and for such time as may be specified by regulations” (Clause 32(1), Draft NIA Bill 2010) is the equivalent of tracking, especially given the fact that each authentication request represents the physical presence of the individual at that location (for biometric verification). Merely saying that the Authority will retain “authentication records in a manner similar to the retaining of credit cards record” does not lessen the seriousness of this provision. Plus anyone who’s seen a credit card statement knows that there is no dearth of information with the credit card companies about each transaction.Finally, for a project whose benefits are premised on removing duplicates and “convergence” of social sector schemes, it appears counter-intuitive that overlapping and synergistic projects like UID and NATGRID (cross-linked government databases) will be independently duplicated instead of “converged”.
Changing the Problem to Fit the Solution
UIDAI has time and again asserted that the “inability to prove identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies.” Framed thus, the UID project seems like the obvious answer.
The reality though is different. In rural areas, the ability to prove identity is not the problem. How would a purely notional (and oppressive) concept like caste be so ingrained if one’s identity were so nebulous? Inability to access government services is one of lack of information and distorted power structures and introducing an opaque process consisting of fingerprint readers, mobile connectivity and centralized verification will not empower the disenfranchised.
In urban areas, the real issue is one of exclusionary state policy and not inability to prove identity. Shaloo, my household help has a Delhi based bank account, medical records and school report cards dating from 2001. However she cannot get a gas connection or a ration card because she lives in a jhuggi[vii]. She is also not eligible for rehabilitation when her slum will be demolished (as slated for CWG 2010) because she is unable to prove residency before the cut-off date of Dec 31, 1998. This is clearly a matter of policy, which cannot be addressed by a UID number. For the truly identity-less (e.g., beggar community), UID approach is weak relying on “introducers”.
It also bears mention that formalization/regulation is a good thing only when the state is genuinely attempting to be inclusive (which cannot be assumed to be universally true). Anonymity allows those on the fringes of society to get their work done through informal channels, an option that will be closed with the regimentation envisioned by UIDAI.
Another example of this kind of conceptual chicanery of changing the problem for a force-fit solution is the article “A Unique Way to Ensure Learning” (Livemint, Aug 19, 2010) by the Akshara Foundation. In this the authors argue that “it is necessary to gather enough data at the child level so that the right levels of interventions are focused on the appropriate target groups” and that “a universal and unique identification system will help in improving quality outcomes in a significant manner.” The article further cites a potential example of UID at work: “Remedial interventions are required to bring what the system calls “slow learners” to mainstream levels. This means that we need to know who needs help: This is possible only by administering diagnostic baseline tests and logging this data on a child-by-child basis, and then initiating the remedial interventions to wipe out specific legacy problems”. World over learning outcomes are overwhelmingly linked to the quality of teachers, but this article mentions teachers just once – predictably where UID can be used – to track attendance in government schools (who will make them teach?). Further the idea of tracking individual as opposed to aggregate learning outcomes is useful when only a few children are slipping through the cracks, so as to direct supplementary child specific interventions. However when the education system is failing almost all our children (in Karnataka, only 11% children in classes III to V can read English sentences; around 40% of the children between classes I and VIII can read a class II-level text and less than 20% could do simple division in mathematics), the obvious need is to fix the system and not run around logging data on a child-by-child basis.
The UID project comes in benevolent packaging; however claims of good intentions can be sustained only with complete transparency of objectives and participatory processes instead of trying to push through projects with PR and stealth
UID Resources – For Other UID updates
_________________________________________
Philippines SC Struck Down Their UID as Unconstitutional by Ruchi Gupta
In Politics and Government on August 31, 2010 at 10:51 PMBy Ruchi Gupta
Proposal: Former President Fidel Ramos issued Administrative Order (“AO”) 308 on Dec 12, 1996 to establish a “National Computerized Identification Reference System”. As per the AO, the biometric ID system would help “efficiently identify persons seeking basic services on social security and reduce, if not totally eradicate, fraudulent transactions and misrepresentations”. The ID system was to use the Population Reference Number (PRN) “as the common reference number to establish a linkage among concerned agencies”
Response: On January 24, 1997, a petition was filed in the Supreme Court challenging the A.O. for reasons of, inter alia, “ unconstitutional usurpation of the legislative powers of the Congress” and for laying the “groundwork of a system which will violate the bill of rights [privacy] enshrined in the Constitution”. The Supreme Court issued a “temporary restraining order enjoining its [ID system] implementation”
Resolution: Supreme Court declared Administrative Order No. 308 “null and void for being unconstitutional.” In its order, the SC agreed with the petition on both counts stating, “as said administrative order redefines the parameters of some basic rights of our citizenry vis-a-vis the State as well as the line that separates the administrative power of the President to make rules and the legislative power of Congress, it ought to be evident that it deals with a subject that should be covered by law” and “the threat [to right to privacy] comes from the executive branch of government which by issuing A.O. No. 308 pressures the people to surrender their privacy by giving information about themselves on the pretext that it will facilitate delivery of basic services. Given the record-keeping power of the computer, only the indifferent will fail to perceive the danger that A.O. No. 308 gives the government the power to compile a devastating dossier against unsuspecting citizens”
Parallels with India: UIDAI was set up by a GoI notification on January 28 2009. UIDAI has been operating without statutory status for the past year and a half, in which it has signed MoUs with all states and UTs, Rural Development and Petroleum ministries, many public sector banks, LIC and others.
A bill to achieve statutory status, Draft National Identification Authority Bill 2010 was circulated in July 2010, which states, “On and from the establishment of the Authority — (1) all the assets and liabilities of the Unique Identification Authority of India, established vide notification of the Government of India in the Planning Commission number A-43011/02/2009-Admin.I, dated the 28th January, 2009, shall stand transferred to, and vested in, the Authority” (Clause 22) essentially subverting the power of the Parliament to prescribe limits on the Authority’s operations. Further, the UID project suffers from all the inherent privacy and civil liberties risks of a biometric based national ID system (covered in greater detail in the Issue Overview document)
_________________________________________
____________________________________________________
27th August 2010
Overview of Issues with UID by Ruchi Gupta
Overview of Issues with UID by Ruchi Gupta
The Unique Identification Authority of India (UIDAI) was constituted by the Central Government (via notification) in February 2009 to give each Indian resident a UID number. UID will be a unique 12-digit number, which will store basic demographic and identity information of an individual along with his/her biometrics (10 fingerprints, iris scan and photo). As per the government, UID numbers will enable efficient delivery of government services by plugging leakages, and facilitate inclusive development through improved targeting.
However the project was met with widespread concern on grounds of privacy and potential for misuse by elements of the state. Various representations have been made to the Authority through civil society meetings, op-eds and open discussions. In response, the Government has set up a Group of Officers under the Secretary, DoPT to develop a framework for data protection, security and privacy. Simultaneously, the UIDAI has circulated a draft National Identification Authority of India Bill aimed primarily at achieving statutory status while expressly resisting both regulation[i] and accountability[ii] (see comments on the draft NIA Bill).
Meanwhile in the UK, the first Bill introduced by the new Conservatives and Liberal Democrat government was the Identity Documents Bill to cancel the similar National ID project. The Coalition Agreement[iii] between the two parties stated, “The parties agree to implement a full programme of measures to reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion. This will include the scrapping of ID card scheme, the National Identity register, the next generation of biometric passports and the Contact Point Database“. The project’s abolition is expected to save the government over £800 M over a decade[iv].
The following is an overview of the issues with the UID project, organized around five themes: undemocratic process for project initiation and development; civil liberties; benefits and efficiency; limits of technology; and costs and finance
Undemocratic Process and Project
The UID project will directly touch every single citizen and resident of the country; however UIDAI was set-up via a GoI notification as an attached office of the Planning Commission without any discussion or debate in the Parliament or civil society. Further even though the UID project is unprecedented anywhere in the world both in population size and application, no feasibility study was done prior; pilots were commissioned after the Authority had already commenced operations and are being overseen by the Authority raising questions about independence. Finally, the Chairperson of the Authority, Nandan Nilekani was appointed without a transparent appointment process. Nandan Nilekani also heads the Technology Advisory Group for Unique Projects (TAGUP), which has a broad mandate to develop five projects, Tax Information Network, New Pension Scheme, National Treasury Management Agency, Expenditure Information Network and GST
In the year and a half of its inception, the Authority has signed MoUs with virtually all states and UTs, LIC, Petroleum Ministry and many banks. However while rapidly solidifying project details and approach, the Authority has held limited (and closed) civil society meetings thereby withholding participation and proceedings from the public. Despite repeated demands, there have been no open public meetings to discuss the project or answer questions
In July, the Authority circulated the draft NIA Bill (to achieve statutory status); the window for public feedback was two weeks. Despite widespread feedback and calls for making all feedback public, the Authority has not made feedback available. Further in direct contravention to the process of public feedback, the NIA Bill was listed for introduction in the Lok Sabha 2010 monsoon session
UID represents a shift in government policy from a rights based approach (universal and collective e.g., RTI, NREGA, FRA) to that of targeted and individuated subsidies. For instance, in the ongoing PDS reform debate, there is some talk of dismantling the PDS to provide direct cash subsidy to the beneficiary through UID-linked accounts. This prevailing ideological bent of the government was explicitly stated by the Finance Minister, Pranab Mukherjee in his Budget 2010-11 speech, “With development and economic reforms, the focus of economic activity has shifted towards the non-governmental actors, bringing into sharper focus the role of Government as an enabler. An enabling Government does not try to deliver directly to the citizens everything that they need[v]”. However not only is there no successful precedent of this approach in India (or elsewhere other than the mixed success of Brazil’s CCT program, Bolsa Familia) but it also runs counter to the idea of a politicized and empowered citizen collective
Civil Liberties
UID number enrollment has been conflated with the mandatory census and NPR essentially making enrollment mandatory
The Authority aims to make the UID number the preferred mode of identification for both users and public/private organizations to drive revenue through its identity authentication service. An incontrovertible unique number for one individual across all of his/her life transactions will enable data consolidation thus creating the risk of profiling
The Draft NIA Bill states that the Authority will maintain details of every request for authentication of identity (32(1)) and that identity information may be disclosed in the interests of national security (33 (b)). The two clauses in conjunction are tantamount to tracking individual activity, especially with the increasing prevalence of UID numbers
UID numbers will likely be used to develop NATGRID, a centralized database advocated by the Home Minister P. Chidambaram, to improve security. NATGRID will interlink 21 categories of databases (railway and air travel, Income Tax, phone calls, bank account details, credit card transactions, visa and immigration records, property records, driving licence) for real-time monitoring of all residents in the country. As per reports, the finance minister, Mr. Pranab Mukherjee opposed the project on grounds of privacy; however Mr. Chidambaram argued “the country cannot pay the price in the name of privacy[vi]”.
UID numbers will limit the ability of poor migrants to use informal networks to access services. This is especially crucial where many urban governments want to discourage inward migration, and may use UID numbers to deny benefits to those from out of state or inadequate domicile
The Home Ministry has launched the Automated Finger Print Identification Systems (AFIS) to identify criminals; Rs. 15,000 have been earmarked for every police station in the country to purchase a fingerprint reader[vii]
The government is licensing credit information companies (CICs) under the Credit Information Companies (Regulation) Act 2005 to develop consumers’ credit profiles based on their transaction history from banks, NBFCs, telecoms and insurance companies. CICs will use UID numbers to collect and collate this information. This will inevitably lead to the type of predatory marketing seen in the United States (on the basis of social security numbers) and on the other side facilitate financial exclusion not inclusion of the poor
Benefits and Efficiency
Significant problems with social sector legislation will be left unaddressed. For instance, UID will address only the wage related defalcation (and possibly payments) in NREGA; however incidence and severity of corruption in NREGA is material related. Other problems such as awareness and works planning will remain. In PDS, errors of inclusion and exclusion will remain, as will policy issues of coverage and FPS viability. The aim of financial inclusion will also remain largely unaddressed since the unavailability of credit is an outcome not just of limited bank branches, but also of the credit worthiness of the individual, e.g., banks will not extend loans to buy daily necessities like the kinara store owner.
Benefits of the UID project are contingent on beneficiary verification at the point of service. Therefore delivery of service will mandatorily be dependent on working biometric equipment. This creates two issues:
Every single point of service must be equipped with a biometric reader e.g., NREGA worksites (~6,00,000), PDS FPS (~4,70,000). Simplest readers cost at least Rs. 2000
Damaged biometric readers either due to normal wear and tear or deliberate sabotage will disrupt service delivery. Any contingency measures that bypass biometric authentication will be susceptible to organized defalcation
As per UIDAI’s own whitepaper on UID and PDS, mobile connectivity required for verification against the CIDR (centralized UID database) is available in only ~3L villages. This is equal to half the ~6 L villages in India. In the absence of real-time verification, UID has no incremental benefit over existing processes
Corruption is dynamic and a static single-point mechanism is likely to be fallible in the medium to long-term
UID number verifications will be conducted by matching the given UID number to the biometric information of the individual. Individuals will thus be required to give their 12-digit UID number at the point of service, which may be difficult for the illiterate. This is especially relevant because the UID model for authentication envisions not a 1:N matching (locating the presented biometric sample against the entire database) but essentially a 1:1 matching where the beneficiary will be required to present UID number, which will then be matched pulled up for verification against presented biometric evidence (fingerprint)
Limits of Technology
Biometric verification of identity is not 100% accurate. With the Authority’s own stated accuracy assumptions, absolute number of errors could be in the range of 1 – 6 crores
Biometric reader technology is unable to distinguish between the upper skin of a finger (which is almost dead material) and artificially created dummy fingers[viii] of silicon rubber, acrylic paint, etc. Depending on the quality of the reader, sometimes even basic photocopied fingerprints are successful in triggering a false accept
Fingerprints can be altered through cheap surgery (~Rs. 15,000). In a recent report, a Chinese woman changed her fingerprints[ix] to slip through Japan’s airport biometric identification checks
Cost and Finance
The Authority has not made the budget public. Various newspaper reports estimate project cost up to Rs. 150,000 crore. A recent news report on a Planning Commission meeting[x] pegs the budget at Rs. 35,000-40,000 crore over 5 years (covering half the Indian population). News report on a finance ministry meeting writes that estimates of per person cost of the UID number have jumped from Rs. 31 to Rs. 450-500[xi].
It is likely that the bulk or a significant portion of the cost will be allocated to different social sector schemes that may be required to implement the UID project. Given the stagnant social sector allocation and current push and pull on coverage[xii], cost, and deficits, there is some concern that the implementation of the UID project will result in a decrease of the real social sector allocation
As per MoUs between the Authority and states, registrars can charge the user a fee for UID enrollment thereby shifting part of the cost of the project to the beneficiary
[i] Draft NIA Bill does not contain details of implementation, which are covered by the phrase, “as may be specified by regulations”
[ii] Draft NIA Bill, Clause 46 (1): No court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorized by it.
[iii] http://programmeforgovernment.hmg.gov.uk/civil-liberties/
[iv] http://news.bbc.co.uk/2/hi/uk_news/politics/8707355.stm
[v] http://indiabudget.nic.in/ub2010-11/bs/speecha.htm
[vi] http://www.dnaindia.com/india/report_chidambaram-has-his-way-as-national-intelligence-grid-gets-pm-s-okay_1382016
[vii] http://economictimes.indiatimes.com/articleshow/5836953.cms
[viii] http://keuning.com/biometry/
[ix] http://www.japantoday.com/category/crime/view/chinese-woman-slips-through-biometric-identification-checks
[x] http://www.indianexpress.com/news/panel-to-assess-costs-of-a-unique-identity/628179/0
[xi] http://www.mydigitalfc.com/plan/finance-ministry-balks-rs-45000-cr-uid%E2%80%88price-tag-099
[xii] Food Security: universal versus BPL; wide variation in BPL estimates by different reports, and between center and states; NREGA: Increase of days; indexing wages to inflation; Rural health: BPL or all unorganized
___________________________________________
However the project was met with widespread concern on grounds of privacy and potential for misuse by elements of the state. Various representations have been made to the Authority through civil society meetings, op-eds and open discussions. In response, the Government has set up a Group of Officers under the Secretary, DoPT to develop a framework for data protection, security and privacy. Simultaneously, the UIDAI has circulated a draft National Identification Authority of India Bill aimed primarily at achieving statutory status while expressly resisting both regulation[i] and accountability[ii] (see comments on the draft NIA Bill).
Meanwhile in the UK, the first Bill introduced by the new Conservatives and Liberal Democrat government was the Identity Documents Bill to cancel the similar National ID project. The Coalition Agreement[iii] between the two parties stated, “The parties agree to implement a full programme of measures to reverse the substantial erosion of civil liberties under the Labour Government and roll back state intrusion. This will include the scrapping of ID card scheme, the National Identity register, the next generation of biometric passports and the Contact Point Database“. The project’s abolition is expected to save the government over £800 M over a decade[iv].
The following is an overview of the issues with the UID project, organized around five themes: undemocratic process for project initiation and development; civil liberties; benefits and efficiency; limits of technology; and costs and finance
Undemocratic Process and Project
The UID project will directly touch every single citizen and resident of the country; however UIDAI was set-up via a GoI notification as an attached office of the Planning Commission without any discussion or debate in the Parliament or civil society. Further even though the UID project is unprecedented anywhere in the world both in population size and application, no feasibility study was done prior; pilots were commissioned after the Authority had already commenced operations and are being overseen by the Authority raising questions about independence. Finally, the Chairperson of the Authority, Nandan Nilekani was appointed without a transparent appointment process. Nandan Nilekani also heads the Technology Advisory Group for Unique Projects (TAGUP), which has a broad mandate to develop five projects, Tax Information Network, New Pension Scheme, National Treasury Management Agency, Expenditure Information Network and GST
In the year and a half of its inception, the Authority has signed MoUs with virtually all states and UTs, LIC, Petroleum Ministry and many banks. However while rapidly solidifying project details and approach, the Authority has held limited (and closed) civil society meetings thereby withholding participation and proceedings from the public. Despite repeated demands, there have been no open public meetings to discuss the project or answer questions
In July, the Authority circulated the draft NIA Bill (to achieve statutory status); the window for public feedback was two weeks. Despite widespread feedback and calls for making all feedback public, the Authority has not made feedback available. Further in direct contravention to the process of public feedback, the NIA Bill was listed for introduction in the Lok Sabha 2010 monsoon session
UID represents a shift in government policy from a rights based approach (universal and collective e.g., RTI, NREGA, FRA) to that of targeted and individuated subsidies. For instance, in the ongoing PDS reform debate, there is some talk of dismantling the PDS to provide direct cash subsidy to the beneficiary through UID-linked accounts. This prevailing ideological bent of the government was explicitly stated by the Finance Minister, Pranab Mukherjee in his Budget 2010-11 speech, “With development and economic reforms, the focus of economic activity has shifted towards the non-governmental actors, bringing into sharper focus the role of Government as an enabler. An enabling Government does not try to deliver directly to the citizens everything that they need[v]”. However not only is there no successful precedent of this approach in India (or elsewhere other than the mixed success of Brazil’s CCT program, Bolsa Familia) but it also runs counter to the idea of a politicized and empowered citizen collective
Civil Liberties
UID number enrollment has been conflated with the mandatory census and NPR essentially making enrollment mandatory
The Authority aims to make the UID number the preferred mode of identification for both users and public/private organizations to drive revenue through its identity authentication service. An incontrovertible unique number for one individual across all of his/her life transactions will enable data consolidation thus creating the risk of profiling
The Draft NIA Bill states that the Authority will maintain details of every request for authentication of identity (32(1)) and that identity information may be disclosed in the interests of national security (33 (b)). The two clauses in conjunction are tantamount to tracking individual activity, especially with the increasing prevalence of UID numbers
UID numbers will likely be used to develop NATGRID, a centralized database advocated by the Home Minister P. Chidambaram, to improve security. NATGRID will interlink 21 categories of databases (railway and air travel, Income Tax, phone calls, bank account details, credit card transactions, visa and immigration records, property records, driving licence) for real-time monitoring of all residents in the country. As per reports, the finance minister, Mr. Pranab Mukherjee opposed the project on grounds of privacy; however Mr. Chidambaram argued “the country cannot pay the price in the name of privacy[vi]”.
UID numbers will limit the ability of poor migrants to use informal networks to access services. This is especially crucial where many urban governments want to discourage inward migration, and may use UID numbers to deny benefits to those from out of state or inadequate domicile
The Home Ministry has launched the Automated Finger Print Identification Systems (AFIS) to identify criminals; Rs. 15,000 have been earmarked for every police station in the country to purchase a fingerprint reader[vii]
The government is licensing credit information companies (CICs) under the Credit Information Companies (Regulation) Act 2005 to develop consumers’ credit profiles based on their transaction history from banks, NBFCs, telecoms and insurance companies. CICs will use UID numbers to collect and collate this information. This will inevitably lead to the type of predatory marketing seen in the United States (on the basis of social security numbers) and on the other side facilitate financial exclusion not inclusion of the poor
Benefits and Efficiency
Significant problems with social sector legislation will be left unaddressed. For instance, UID will address only the wage related defalcation (and possibly payments) in NREGA; however incidence and severity of corruption in NREGA is material related. Other problems such as awareness and works planning will remain. In PDS, errors of inclusion and exclusion will remain, as will policy issues of coverage and FPS viability. The aim of financial inclusion will also remain largely unaddressed since the unavailability of credit is an outcome not just of limited bank branches, but also of the credit worthiness of the individual, e.g., banks will not extend loans to buy daily necessities like the kinara store owner.
Benefits of the UID project are contingent on beneficiary verification at the point of service. Therefore delivery of service will mandatorily be dependent on working biometric equipment. This creates two issues:
Every single point of service must be equipped with a biometric reader e.g., NREGA worksites (~6,00,000), PDS FPS (~4,70,000). Simplest readers cost at least Rs. 2000
Damaged biometric readers either due to normal wear and tear or deliberate sabotage will disrupt service delivery. Any contingency measures that bypass biometric authentication will be susceptible to organized defalcation
As per UIDAI’s own whitepaper on UID and PDS, mobile connectivity required for verification against the CIDR (centralized UID database) is available in only ~3L villages. This is equal to half the ~6 L villages in India. In the absence of real-time verification, UID has no incremental benefit over existing processes
Corruption is dynamic and a static single-point mechanism is likely to be fallible in the medium to long-term
UID number verifications will be conducted by matching the given UID number to the biometric information of the individual. Individuals will thus be required to give their 12-digit UID number at the point of service, which may be difficult for the illiterate. This is especially relevant because the UID model for authentication envisions not a 1:N matching (locating the presented biometric sample against the entire database) but essentially a 1:1 matching where the beneficiary will be required to present UID number, which will then be matched pulled up for verification against presented biometric evidence (fingerprint)
Limits of Technology
Biometric verification of identity is not 100% accurate. With the Authority’s own stated accuracy assumptions, absolute number of errors could be in the range of 1 – 6 crores
Biometric reader technology is unable to distinguish between the upper skin of a finger (which is almost dead material) and artificially created dummy fingers[viii] of silicon rubber, acrylic paint, etc. Depending on the quality of the reader, sometimes even basic photocopied fingerprints are successful in triggering a false accept
Fingerprints can be altered through cheap surgery (~Rs. 15,000). In a recent report, a Chinese woman changed her fingerprints[ix] to slip through Japan’s airport biometric identification checks
Cost and Finance
The Authority has not made the budget public. Various newspaper reports estimate project cost up to Rs. 150,000 crore. A recent news report on a Planning Commission meeting[x] pegs the budget at Rs. 35,000-40,000 crore over 5 years (covering half the Indian population). News report on a finance ministry meeting writes that estimates of per person cost of the UID number have jumped from Rs. 31 to Rs. 450-500[xi].
It is likely that the bulk or a significant portion of the cost will be allocated to different social sector schemes that may be required to implement the UID project. Given the stagnant social sector allocation and current push and pull on coverage[xii], cost, and deficits, there is some concern that the implementation of the UID project will result in a decrease of the real social sector allocation
As per MoUs between the Authority and states, registrars can charge the user a fee for UID enrollment thereby shifting part of the cost of the project to the beneficiary
[i] Draft NIA Bill does not contain details of implementation, which are covered by the phrase, “as may be specified by regulations”
[ii] Draft NIA Bill, Clause 46 (1): No court shall take cognizance of any offence punishable under this Act, save on a complaint made by the Authority or any officer or person authorized by it.
[iii] http://programmeforgovernment.hmg.gov.uk/civil-liberties/
[iv] http://news.bbc.co.uk/2/hi/uk_news/politics/8707355.stm
[v] http://indiabudget.nic.in/ub2010-11/bs/speecha.htm
[vi] http://www.dnaindia.com/india/report_chidambaram-has-his-way-as-national-intelligence-grid-gets-pm-s-okay_1382016
[vii] http://economictimes.indiatimes.com/articleshow/5836953.cms
[viii] http://keuning.com/biometry/
[ix] http://www.japantoday.com/category/crime/view/chinese-woman-slips-through-biometric-identification-checks
[x] http://www.indianexpress.com/news/panel-to-assess-costs-of-a-unique-identity/628179/0
[xi] http://www.mydigitalfc.com/plan/finance-ministry-balks-rs-45000-cr-uid%E2%80%88price-tag-099
[xii] Food Security: universal versus BPL; wide variation in BPL estimates by different reports, and between center and states; NREGA: Increase of days; indexing wages to inflation; Rural health: BPL or all unorganized
___________________________________________
22nd March 2010
Gathering Storm - How UID will Turn India Into a Police State by Ruchi Gupta:
Various initiatives within the government are converging to transform India into a classic police state. Enabling this transformation is everyone’s darling, the UID project. The UID project is a triumph of marketing over reality. Marketed as a fundamental enabler for targeted delivery of government services, UID numbers will instead form the bedrock for pervasive state surveillance.
The Unique Identification Authority of India (UIDAI) however, has repeatedly downplayed the use of UID numbers for surveillance and security functions by consistently omitting this topic in official communication through their website and press releases. Nevertheless the context and limited scope of the Authority reveal its real intent. While conceptually the project has been in discussion since the Vajpayee government (2002), renewed impetus came in the wake of Mumbai terror attacks in November 2008. The UIDAI was established in February 2009, less than three months of the attack. Despite the altruistic marketing, the Authority refuses responsibility for improved service delivery stating, “The UIDAI is only in the identity business. The responsibility of tracking beneficiaries and the governance of service delivery will continue to remain with the respective agencies”.
Concurrently with setting up the UIDAI, the Indian Parliament substantially amended the Information Technology Act 2000 in December 2008 to give the government power to tap all communications without a court order or a warrant. Section 69 of ITA 2008 states “[…] necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may […] direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource.”
Against this legislative and infrastructural background, the government is setting up a national intelligence grid (NATGRID). The NATGRID under Raghu Raman (ex-CEO, Mahindra Special Services Group) will interlink 21 categories of databases (railway and air travel, Income Tax, phone calls, bank account details, credit card transactions, visa and immigration records, property records, driving licence) for real-time monitoring of all residents in the country. NATGRID is expected to be fully operation by May 2011 and will eventually use UID numbers for these inter-database linkages.
Simultaneously work has begun on the National Population Register (NPR) which will collect information such as name, sex, date of birth, current marital status, name of father, mother and spouse, educational level attained, nationality, occupation, activity pursued, present and permanent addresses along with individual biometrics. Chidamabaran has cautioned that due care needs to be taken to ensure that “illegal” residents in border districts (Bangladesh, Nepal) don’t worm their way into the NPR giving the census an ominous policing quality. The NPR will depend on UID for de-duplication.
UID numbers will also facilitate the advance of a neoliberal state. There’s trepidation amongst many in the civil society about data convergence using UID numbers, and its monetization for private profit. This is not just a remote possibility but part of the official intent. The government is licensing credit information companies (CICs) under the Credit Information Companies (Regulation) Act 2005 to develop consumers’ credit profiles based on their transaction history from banks, NBFCs, telecoms and insurance companies. CICs will use UID numbers to collect and collate this information. This will inevitably lead to the type of predatory marketing seen in the United States (on the basis of social security numbers) and on the other side facilitate financial exclusion not inclusion of the poor. The Authority itself takes a predictably hands-off approach to data convergence stating, “Convergence of existing databases will need to be addressed and governed under a larger data protection regime applicable to the whole country and therefore this is a matter beyond the mandate of the UIDAI”.
While terror is a high-profile and charged topic in the country, mass surveillance cannot be justified in the name of improved security. There are other alternatives to track organized terror outfits without undertaking blanket real-time citizen monitoring. In fact there is substantial evidence that identity cards/numbers would not have prevented many recent terror attacks (e.g., Madrid bombings in 2004, 9/11, London underground attacks in 2005, Israel suicide bombings, Pakistan bombings). Moreover surveillance in India is not just limited to identifying alleged terrorists but any activity that can be twisted into “defense/sovereignty of India” or cognizable offence. The potential for misuse is tremendous (e.g., inconvenient activists, purported Maoists).
UID project’s basic premise of fundamentally improving delivery of welfare services does not withstand scrutiny. UID deployment will come at a prohibitively high cost and only address a small subset of leakages in marked contrast to other more effective governance mechanisms inexplicably snubbed by the government. At the same UID deployment will enable a mass surveillance police state leading to both invasion of individual privacy and curtailment of civil liberties. There is immediate need for transparency about the objectives of the project and a vigorous public debate on its need and relevance.
__________________________________________
The Unique Identification Authority of India (UIDAI) however, has repeatedly downplayed the use of UID numbers for surveillance and security functions by consistently omitting this topic in official communication through their website and press releases. Nevertheless the context and limited scope of the Authority reveal its real intent. While conceptually the project has been in discussion since the Vajpayee government (2002), renewed impetus came in the wake of Mumbai terror attacks in November 2008. The UIDAI was established in February 2009, less than three months of the attack. Despite the altruistic marketing, the Authority refuses responsibility for improved service delivery stating, “The UIDAI is only in the identity business. The responsibility of tracking beneficiaries and the governance of service delivery will continue to remain with the respective agencies”.
Concurrently with setting up the UIDAI, the Indian Parliament substantially amended the Information Technology Act 2000 in December 2008 to give the government power to tap all communications without a court order or a warrant. Section 69 of ITA 2008 states “[…] necessary or expedient to do in the interest of the sovereignty or integrity of India, defense of India, security of the State, friendly relations with foreign States or public order or for preventing incitement to the commission of any cognizable offence relating to above or for investigation of any offence, it may […] direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information transmitted received or stored through any computer resource.”
Against this legislative and infrastructural background, the government is setting up a national intelligence grid (NATGRID). The NATGRID under Raghu Raman (ex-CEO, Mahindra Special Services Group) will interlink 21 categories of databases (railway and air travel, Income Tax, phone calls, bank account details, credit card transactions, visa and immigration records, property records, driving licence) for real-time monitoring of all residents in the country. NATGRID is expected to be fully operation by May 2011 and will eventually use UID numbers for these inter-database linkages.
Simultaneously work has begun on the National Population Register (NPR) which will collect information such as name, sex, date of birth, current marital status, name of father, mother and spouse, educational level attained, nationality, occupation, activity pursued, present and permanent addresses along with individual biometrics. Chidamabaran has cautioned that due care needs to be taken to ensure that “illegal” residents in border districts (Bangladesh, Nepal) don’t worm their way into the NPR giving the census an ominous policing quality. The NPR will depend on UID for de-duplication.
UID numbers will also facilitate the advance of a neoliberal state. There’s trepidation amongst many in the civil society about data convergence using UID numbers, and its monetization for private profit. This is not just a remote possibility but part of the official intent. The government is licensing credit information companies (CICs) under the Credit Information Companies (Regulation) Act 2005 to develop consumers’ credit profiles based on their transaction history from banks, NBFCs, telecoms and insurance companies. CICs will use UID numbers to collect and collate this information. This will inevitably lead to the type of predatory marketing seen in the United States (on the basis of social security numbers) and on the other side facilitate financial exclusion not inclusion of the poor. The Authority itself takes a predictably hands-off approach to data convergence stating, “Convergence of existing databases will need to be addressed and governed under a larger data protection regime applicable to the whole country and therefore this is a matter beyond the mandate of the UIDAI”.
While terror is a high-profile and charged topic in the country, mass surveillance cannot be justified in the name of improved security. There are other alternatives to track organized terror outfits without undertaking blanket real-time citizen monitoring. In fact there is substantial evidence that identity cards/numbers would not have prevented many recent terror attacks (e.g., Madrid bombings in 2004, 9/11, London underground attacks in 2005, Israel suicide bombings, Pakistan bombings). Moreover surveillance in India is not just limited to identifying alleged terrorists but any activity that can be twisted into “defense/sovereignty of India” or cognizable offence. The potential for misuse is tremendous (e.g., inconvenient activists, purported Maoists).
UID project’s basic premise of fundamentally improving delivery of welfare services does not withstand scrutiny. UID deployment will come at a prohibitively high cost and only address a small subset of leakages in marked contrast to other more effective governance mechanisms inexplicably snubbed by the government. At the same UID deployment will enable a mass surveillance police state leading to both invasion of individual privacy and curtailment of civil liberties. There is immediate need for transparency about the objectives of the project and a vigorous public debate on its need and relevance.
__________________________________________
Ruchi Gupta:
13th January 2010
Politics of Identity: by Ruchi Gupta:
In February 2011, India will become the first country in the world to issue its residents biometric-based numbers (UID) to establish identity. For this purpose, the Central government has constituted the Unique Identification Authority of India (UIDAI) under the Planning Commission. The UID number is marketed as a fundamental enabler for efficient delivery of government services and inclusive development. As per the Authority, benefits of the UID number include elimination of leakages in welfare programs like PDS and NREGA, and facilitation of targeted education and health interventions for underprivileged children.
A less publicised purpose of the UID number is to improve national security. In January 2009, the Centre issued notice to maritime states and two UTs to issue identity cards to all coastal residents. In an interview in the aftermath of the terror attacks, Chidambaram announced “Governments decision to set up the UID authority. The UIDAI was established in February 2009, within three months of the attacks. By the Authority’s own admission, “The UIDAI is only in the identity business. The responsibility of tracking beneficiaries and the governance of service delivery will continue to remain with the respective agencies”. So once the UIDAI has finished with its business, who will use it, and how? One has to ask whether “security” is not just a peripheral but the primary purpose of the project.
A less publicised purpose of the UID number is to improve national security. In January 2009, the Centre issued notice to maritime states and two UTs to issue identity cards to all coastal residents. In an interview in the aftermath of the terror attacks, Chidambaram announced “Governments decision to set up the UID authority. The UIDAI was established in February 2009, within three months of the attacks. By the Authority’s own admission, “The UIDAI is only in the identity business. The responsibility of tracking beneficiaries and the governance of service delivery will continue to remain with the respective agencies”. So once the UIDAI has finished with its business, who will use it, and how? One has to ask whether “security” is not just a peripheral but the primary purpose of the project.
UID is a flexible tool and the Authority’s neutral attitude towards its end-use leaves abundant room for abuse. Thus it is imperative that government programs delineate all objectives and there is a robust and inclusive debate to ensure democratic end-use. Public approval of this undertaking is contingent on its stated altruistic goals — but these must be clearly enumerated. Given the record of our security agencies and their adherence to democratic principles, the Indian populace is unlikely to sanction a project for its own increased policing. Therefore, it is necessary to examine efficiency issues as well, and pre-emptively block dangerous outgrowths with legislative measures. While an open and informed debate is necessary to develop a comprehensive list, some obvious safeguards are outlined below.
First, non-enrollment should not be treated as criminal. There is a history of states using anti-terrorism/anti-insurgency pretexts to flout or curtail civil liberties; often political issues are treated like law and order situations. Enrollment is currently discretionary. However, there could conceivably be a push for universal enrollment in border, coastal and/or “red” states leading to potential harassment of undocumented individuals, especially poor migrants.
Second, governments should not use UID numbers to trump individual choice. States should not be allowed to specifically target individuals from insurgent areas, inconvenient political groups etc. Moreover, state agencies should be barred from using UID numbers to withdraw essential services in any area to coerce relocation or discourage migration.
Third, social security services should not be withheld due to non-enrollment. The UID number is envisioned as a tool to monitor implementation of government programmes. Therefore, it is likely that these schemes will mandate UID enrollment before providing services. In the case of social security services, the onus of enrolment should be on the organisation, not the beneficiary. Also, the enrolment cost (estimated @ Rs. 20-25 per number) should not be taken from social security outlays. Fourth, private organisations should be debarred from pooling data to form comprehensive individual profiles to prevent invasion of privacy. The Authority aims to make the UID number the preferred mode of identification for both users and public/private organisations to drive revenue through its identity authentication service. Given an incontrovertible unique number for one individual across all of his/her life transactions creates the tremendous risk of this data being pooled to recreate the individual’s life history.
Fifth, expenditure incurred should be rationalised and transparent. The UID project comes with no expenditure caps; estimated enrollment costs alone are over Rs. 3000 crore. Unsurprisingly, there is deep interest from multinational technology and private finance organisations. Engagement with civil society will be vital to control ballooning costs and hijack of the project for private profit.
Coming back to the project’s stated purpose of forming the basis for efficient delivery of government programs. It is worthwhile to debate both the relevance and effectiveness of the UID number for delivery of welfare schemes. The problem in targeted welfare schemes is of eligibility and not identity. The varying number of BPL families in the country is due to changing eligibility criteria such as income, calories, and other indicators. Moreover, the largest leakages in welfare schemes are due to organised intermediary defalcation not fake beneficiaries. At best, the UID number will address the latter less significant problem.
Second, governments should not use UID numbers to trump individual choice. States should not be allowed to specifically target individuals from insurgent areas, inconvenient political groups etc. Moreover, state agencies should be barred from using UID numbers to withdraw essential services in any area to coerce relocation or discourage migration.
Third, social security services should not be withheld due to non-enrollment. The UID number is envisioned as a tool to monitor implementation of government programmes. Therefore, it is likely that these schemes will mandate UID enrollment before providing services. In the case of social security services, the onus of enrolment should be on the organisation, not the beneficiary. Also, the enrolment cost (estimated @ Rs. 20-25 per number) should not be taken from social security outlays. Fourth, private organisations should be debarred from pooling data to form comprehensive individual profiles to prevent invasion of privacy. The Authority aims to make the UID number the preferred mode of identification for both users and public/private organisations to drive revenue through its identity authentication service. Given an incontrovertible unique number for one individual across all of his/her life transactions creates the tremendous risk of this data being pooled to recreate the individual’s life history.
Fifth, expenditure incurred should be rationalised and transparent. The UID project comes with no expenditure caps; estimated enrollment costs alone are over Rs. 3000 crore. Unsurprisingly, there is deep interest from multinational technology and private finance organisations. Engagement with civil society will be vital to control ballooning costs and hijack of the project for private profit.
Coming back to the project’s stated purpose of forming the basis for efficient delivery of government programs. It is worthwhile to debate both the relevance and effectiveness of the UID number for delivery of welfare schemes. The problem in targeted welfare schemes is of eligibility and not identity. The varying number of BPL families in the country is due to changing eligibility criteria such as income, calories, and other indicators. Moreover, the largest leakages in welfare schemes are due to organised intermediary defalcation not fake beneficiaries. At best, the UID number will address the latter less significant problem.
Additionally, the design of the UID number reduces its effectiveness. The number will only store name, DoB, gender, parent’s name, address, photograph and biometric info (fingerprints and iris scan) and will only verify identity of individual; defining and tracking beneficiaries, governance of service delivery will all need to be managed at the individual state government, program or scheme level and entail additional expenditure. This approach leaves a huge lacuna in execution and renders already nascent benefits more uncertain.
Last, there are extensive loopholes to successful implementation. The benefits of UID implementation are contingent on near universal enrollment, which is jeopardised by at least two risks. First, enrollment of individuals without documentary proof of identity rests on the “introducer” system, similar to opening an account at a bank. This strategy is both irrelevant and inadequate for migrant workers (especially those in the unorganised sector) and legions will remain unenrolled. Second, in the absence of universal coverage (target enrolment at 600 million people or 50 per cent of population four years from launch), there will need to be alternatives to the UID to obtain service, verify identity etc. In India, all large databases are riddled with errors; some voter lists alone are incomplete and erroneous by as much as 40 per cent. Since, enrollment in UID will not be mandatory, but “demand driven”, the benefit (one number to prove identity for life) will need UID to be accepted as preferred proof of identity by all significant private and public organisations. Given that UID verification will be chargeable (up to Rs. 10 per verification), private organisations may prefer alternative proof of identity thus reducing incentive for voluntary enrollment. The UID project is one of the most ambitious programs in India, without precedence or parallel anywhere. Given its scale, centralised power and potentially invasive use, there is need for transparency of its purpose with civil society and a collaborative design process to ensure that democratic ideals of the country are upheld and derived benefits outweigh its costs
Last, there are extensive loopholes to successful implementation. The benefits of UID implementation are contingent on near universal enrollment, which is jeopardised by at least two risks. First, enrollment of individuals without documentary proof of identity rests on the “introducer” system, similar to opening an account at a bank. This strategy is both irrelevant and inadequate for migrant workers (especially those in the unorganised sector) and legions will remain unenrolled. Second, in the absence of universal coverage (target enrolment at 600 million people or 50 per cent of population four years from launch), there will need to be alternatives to the UID to obtain service, verify identity etc. In India, all large databases are riddled with errors; some voter lists alone are incomplete and erroneous by as much as 40 per cent. Since, enrollment in UID will not be mandatory, but “demand driven”, the benefit (one number to prove identity for life) will need UID to be accepted as preferred proof of identity by all significant private and public organisations. Given that UID verification will be chargeable (up to Rs. 10 per verification), private organisations may prefer alternative proof of identity thus reducing incentive for voluntary enrollment. The UID project is one of the most ambitious programs in India, without precedence or parallel anywhere. Given its scale, centralised power and potentially invasive use, there is need for transparency of its purpose with civil society and a collaborative design process to ensure that democratic ideals of the country are upheld and derived benefits outweigh its costs
The writer is transitioning from the corporate world to activism for state accountability and development. She blogs at bourgeoisinspirations.wordpress.com
____________________________________________________
_____________________________________
166 - UID Legislative Safe Guards by Ruchi Gupta
UID – Legislative Safeguards
Ruchi Gupta (gupta.ruchi@gmail.com)
Legislative Safeguards
UID as the underlying infrastructure will directly enable five types of databases; however, UIDAI will own and takes responsibility for only the primary database with a laissez-faire attitude for the rest. However, given that UID is the enabling tool, the legislative framework must establish UIDAI’s responsibility to constrain certain types of uses, and liability for all end-use. The five database types are as under
1. Basic UID database with identity information
2. State databases (NPR, government schemes, tax, police etc)
3. Credit information companies (CIC) databases, which will hold credit information based
on bank, insurance, telecom etc history
4. NATGRID (21 interlinked dbs) for security and intelligence agencies (exempt from RTI
excepting human rights allegations)
5. Private databases by corporations etc
Costs
1. Individuals with the following characteristics (as substantiated by a self-attested copy)
will not be required to pay for UID enrollment: BPL/AAY; NREGA Card; others.
Privacy/Civil Liberties
1. Registrars will not collect information other than that strictly necessary for providing
service. Information fields must be detailed and approved by UIDAI prior to collection.
2. There will be no legal/financial penalty for non-enrollment now or in future
3. Private organizations with the exception of registrars (enrolling agencies) will not link
benefits to disclosure of UID number e.g. shopping loyalty cards (to limit data
convergence)
4. Every individual with a UID # can ask for a certified copy of all information collected and
stored about him/her once a year free of charge, and unlimited times on payment of
certain fee (Rs. 10 per page as per RTI). There will be a legal provision for financial and
custodial penalty if knowingly inaccurate/incomplete report is provided to the user. (CIC,
NATGRID)
5. There must be inherent assurance that non-possession of identity card will not be
considered an offence, or grounds for detention (State, since ID card will be issued
through the NPR exercise)
6. The front-end of all organizations whose databases will be linked to NATGRID/CIC will
have to inform users before each transaction (or initial registration) that activity will be
reported and tracked (NATGRID, CIC)
Implementation
UID – Legislative Safeguards
Ruchi Gupta (gupta.ruchi@gmail.com)
1. Utilities or state services will not be withheld due to beneficiary’s non-enrolment of UID.
Service will be provided in the interim on production of alternate proof of identification;
implementing agency will initiate process for beneficiary’s UID enrollment.
2. If UID match is not made at the point of sale/delivery, essential services will be provided
on production of alternate proof of identification. UID data will be fixed within X days
(Related question below)
3. In case a registrar is de-registered due to non-compliance of enrollment
processes/standards, affected users will not be denied services while their identity is being
re-verified (or other quality assurance processes initiated)
4. No enrollment agency can force user to continue association against will as condition for
registration (real estate developers organization will be used to enroll migrant workers,
whose identity credentials cannot be verified/guaranteed by the employer. So potentially
UIDAI/employer may have some kind of forced affiliation?)
5. UID will not be used to turn off essential services for any reason other than direct
ineligibility for service e.g., coerce relocation (State)
6. Records of transactions including liabilities in one utility in one aspect will not be used to
deny services of some other utility (State)
Accountability
1. UIDAI will be responsible for all (user or organizational) losses arising out of
false/inaccurate information on UID number
2. Sale or transfer of data to any for-profit/private organization (marketers, corporations,
MNCs) will be illegal, and will lead to closure of such organizations and immediate
termination of employment of involved employees.
3. Any unauthorized collection of data or its misuse will be treated as a human rights
violation and therefore under the ambit of RTI Act (Sec 24) (NATGRID, CIC)
4. If data security is breached (e.g., Indian defense computers were hacked into), UIDAI will
be liable for both breach of information, and subsequent misuse (Potentially irrelevant
because even if the primary UID database is not in the public domain, tack-on databases
will be and it will be impossible to track data breach to any one database)
166 - UID Legislative Safe Guards by Ruchi Gupta
UID – Legislative Safeguards
Ruchi Gupta (gupta.ruchi@gmail.com)
Legislative Safeguards
UID as the underlying infrastructure will directly enable five types of databases; however, UIDAI will own and takes responsibility for only the primary database with a laissez-faire attitude for the rest. However, given that UID is the enabling tool, the legislative framework must establish UIDAI’s responsibility to constrain certain types of uses, and liability for all end-use. The five database types are as under
1. Basic UID database with identity information
2. State databases (NPR, government schemes, tax, police etc)
3. Credit information companies (CIC) databases, which will hold credit information based
on bank, insurance, telecom etc history
4. NATGRID (21 interlinked dbs) for security and intelligence agencies (exempt from RTI
excepting human rights allegations)
5. Private databases by corporations etc
Costs
1. Individuals with the following characteristics (as substantiated by a self-attested copy)
will not be required to pay for UID enrollment: BPL/AAY; NREGA Card; others.
Privacy/Civil Liberties
1. Registrars will not collect information other than that strictly necessary for providing
service. Information fields must be detailed and approved by UIDAI prior to collection.
2. There will be no legal/financial penalty for non-enrollment now or in future
3. Private organizations with the exception of registrars (enrolling agencies) will not link
benefits to disclosure of UID number e.g. shopping loyalty cards (to limit data
convergence)
4. Every individual with a UID # can ask for a certified copy of all information collected and
stored about him/her once a year free of charge, and unlimited times on payment of
certain fee (Rs. 10 per page as per RTI). There will be a legal provision for financial and
custodial penalty if knowingly inaccurate/incomplete report is provided to the user. (CIC,
NATGRID)
5. There must be inherent assurance that non-possession of identity card will not be
considered an offence, or grounds for detention (State, since ID card will be issued
through the NPR exercise)
6. The front-end of all organizations whose databases will be linked to NATGRID/CIC will
have to inform users before each transaction (or initial registration) that activity will be
reported and tracked (NATGRID, CIC)
Implementation
UID – Legislative Safeguards
Ruchi Gupta (gupta.ruchi@gmail.com)
1. Utilities or state services will not be withheld due to beneficiary’s non-enrolment of UID.
Service will be provided in the interim on production of alternate proof of identification;
implementing agency will initiate process for beneficiary’s UID enrollment.
2. If UID match is not made at the point of sale/delivery, essential services will be provided
on production of alternate proof of identification. UID data will be fixed within X days
(Related question below)
3. In case a registrar is de-registered due to non-compliance of enrollment
processes/standards, affected users will not be denied services while their identity is being
re-verified (or other quality assurance processes initiated)
4. No enrollment agency can force user to continue association against will as condition for
registration (real estate developers organization will be used to enroll migrant workers,
whose identity credentials cannot be verified/guaranteed by the employer. So potentially
UIDAI/employer may have some kind of forced affiliation?)
5. UID will not be used to turn off essential services for any reason other than direct
ineligibility for service e.g., coerce relocation (State)
6. Records of transactions including liabilities in one utility in one aspect will not be used to
deny services of some other utility (State)
Accountability
1. UIDAI will be responsible for all (user or organizational) losses arising out of
false/inaccurate information on UID number
2. Sale or transfer of data to any for-profit/private organization (marketers, corporations,
MNCs) will be illegal, and will lead to closure of such organizations and immediate
termination of employment of involved employees.
3. Any unauthorized collection of data or its misuse will be treated as a human rights
violation and therefore under the ambit of RTI Act (Sec 24) (NATGRID, CIC)
4. If data security is breached (e.g., Indian defense computers were hacked into), UIDAI will
be liable for both breach of information, and subsequent misuse (Potentially irrelevant
because even if the primary UID database is not in the public domain, tack-on databases
will be and it will be impossible to track data breach to any one database)
_____________________________________________________
