Without Foundation

Aadhaar, ‘the foundation’ (loosely translated) is a gigantic project, that will assign unique numbers to all people in India, to serve as a single reference point to firmly establish their identity. UIDAI, the Unique Identity Authority of India, has been set up, ad interim, as a department of the Planning Commission of India to steward this project.

AadhaarLogo.png

A friend of mine, Ram Krishnaswamy, has tracked well over 400 articles extolling the merits of the project, and gathered them at the blog “Aadhararticles.blogspot.com”. Specific references are linked in this blogpost.

Rather than reassure, however, they raise questions in the mind about the worth of the project. Ram and I decided to work together to compile some key questions. A detailed version of our study has been published in print, in MoneyLife, the magazine brought out by crusading journalists Sucheta Dalal and Debashis Basu, here and here. This blogpost reflects that article (which is part of an ongoing series). It also reflects some additional information about Q2 below received after it was originally written, and is updated as of Friday, 20 August, 2010.

Q1. Will the intended beneficiaries truly be people who live below the poverty line?
Q2. Will UID meet the needs of the poor?
Q3. How will UID contribute to the country’s economy?
Q4: Is UID (enumeration via a single reference high technology archive) the best way to reduce inefficiencies and prevent money leakages in subsidy programs?
Q5. How effective is the conduct of the pilot studies being carried out?
Q6. Will adequate precautions be taken to safeguard the database?

What is Aadhaar?

What is UID?: The Aadhaar scheme (the brand name has recently been assigned) proposes to assign each Indian resident a unique 12-digit number, thus enumerating Unique IDentity for all. Since the current population of India stands at around 1.2 bn people, in addition to which several millions of foreigners are temporarily based here (some welcomed, others not so, some for weeks, typically on holiday, others for months and years, on business or for many other reasons), UIDAI has set an initial target of issuing some 600 mn unique numbers within five years, ie around 2015 (Making a unique impression).

It seems an ambitious target, and certainly, the scale and cost (Rs 45,000 cr for the first phase) by themselves are ambitiously large.

One might be forgiven for thinking that, possibly, the size of this project, touted as the world’s largest single IT project ever commissioned, is more important than finishing it successfully. So much so, that it is hard for me to define what success might mean.

Q1. Will the intended beneficiaries truly be people who live below the poverty line?

Several press releases and announcements say the primary purpose is social welfare: a problem of dividing wealth equitably. Of course, ‘wealth’ is not really in the picture, India is just trying to guarantee everyone the bare minimum needed to live healthily. Benefits in cash or kind are distributed under various schemes, such as the National Rural Employment Guarantee Scheme, Sarva Shiksha Abhiyaan, National Rural Health Mission and Bharat Nirman.

One of the problems with all these projects, initiatives and schemes is apparently the difficulty of ensuring that benefits are given wholly to the specific people identified as qualifying for specific programs, typically persons living below the poverty line. Such people are easily disenfranchised by an endless cycle of verification of records, ruining efforts made to ensure fair distribution, and is one of the reasons that real delivery rates falter, between 6 and 15 per cent, as estimated by the late Prime Minister Rajiv Gandhi and others.

With Aadhaar, this problem is expected to be dealt with firmly. Aadhaar is a one-time verification system, against which all records will be inextricably linked (Unique Identification Number Project: Cautious Optimism). Any scheme wishing to verify a beneficiary or applicant, given the number, need only check a few critical details – for instance, name, fingerprints and now, perhaps, iris scans – in order to quickly assure the identity. Actually, largely due to the additional need found for iris scans to reduce error rates, the per-user cost estimate has shot up from Rs 31 to Rs 450.

Now, here’s an interesting statement : “The UID will become the single source of identity verification”(Law Resource India). It means that once residents are enrolled, they can use the number in many places – they will be spared the hassle of repeatedly providing supporting identity documents for each service they wish to access.

However, it is pertinent to note that the services that will actually, in the near term, be simplified by Aadhaar numbers, are obtaining a bank account, passport, driving license, and the like (Law Resource India). The public distribution system, the NREGS and other public benefits services have neither budgets nor plans to harmonise their systems with Aadhaar referrals.

It seems clear that, after spending this huge amount of money and putting in all this effort, the UID will, in the initial few years, primarily benefit people who access relatively sophisticated and upmarket services.

What should be particularly sobering is the fact that the home page of the project, which states the Mission, has no mention of benefits, to the poor or anyone else: the task is limited to issue of an unique identifier for all. There is no explanation of why this is a priority. The Mission statement reads: “The role that the Authority envisions is to issue a unique identification number (UID) that can be verified and authenticated in an online, cost-effective manner, and that is robust enough to eliminate duplicate and fake identities.”

Further down, both cost-effectiveness and robustness are examined.

Q2. Will UID meet the needs of the poor?

If a poor person gets money that is due to him directly in his bank account, he will have no reason to plead with tyrannical local officials or grovel before his elected representatives (Against insecurity – UID is a Good Idea).

Sadly, banking in India barely scratches the surface: the total number of bank branches as of March 2009, the latest published figures I could find (Source: Reserve Bank of India), was just over 66,000, and less than half of these were in rural areas, which account for around 70 % of the population.

A quick back-of-the-envelope calculation shows that each and every rural branch would need to service over 22,700 persons. Assuming a family of 4 with a single wage-earner, that would mean over 8,000 accounts – clearly beyond their reach, in a land where urban customers struggle to get decent and timely bank services from branches who need to reach only around 10,000 customers each.

In fact, if we assume that by the time the UID scheme actually reaches the remoter regions, that at least one other adult member is also getting either a job or compensation under NREGS, the number of accounts would creep up beyond urban levels. If disbursements are to be paid mandatorily to bank accounts (the process to be simplified using UID), it sure won’t target the poorest of the poor.

I’ll go one step further: talk about bank accounts is risible. Rural banking is so far from a reality that any leveraging of it for the poorest is highly unlikely.

One emerging solution is microbanking, but microbanking organisations will need to upgrade their technology considerably to deliver services, if UID referrals are to be included. Microbanks are also not included within the broad banking framework, meaning that security measures in place ensure they cannot access clearing house operations, and other such enablers of modern banking, without which none of this leveraging can happen.

The upgrade cost of banking operations is not factored into UID budgets, nor is UIDAI mandated to drive the changes that are needed in the banking system, without which the UID referral is irrelevant.

Q3. How will UID contribute to the country’s economy?

This (Unique ID for Indians – Boon or Bane?) is a big vision project through which government services can be provided, tracked and accounted, together with enabling a multitude of private sector products and services that rely on accurate and positive identification of consumers.

Various departments, based on their needs, will refer to this number. The UID will help remove duplicate names from their service lists. While this would help clean up lists for NREGS (National Rural Employment Guarantee Scheme), senior citizen Pension Schemes, PDS (Public Distribution System) etc, it may also help clean up benami (faux) bank accounts etc. Informally, the Income Tax Department is said to have projected an additional tax collection of about Rs.40,000 crores annually!

These claims might be true, were the scheme intended to act against the continuing use of unaccounted money for trading. In that case, the target community would only be the economic ‘arrivistes’, the people who already have enough money to regularly feel the need to spend or acquire it by underhanded means. This would include all government officers, their extended families, politicians, businesspeople, agriculturists controlling upwards of 25-50 hectares of land, and so on.

In fact, the projected gains, in terms of enhanced income tax collection, simplifying transactions and dealings with government agencies for cash-related activities and so on primarily benefit this economically stable or upwardly mobile class.

However, the scheme is sought to be justified on the basis of deliverables to the downtrodden, not to uncover the moneys conceivably being hidden by the well-off.

It is doubtful whether this project will really boost the country’s economy directly, or will assist it by reducing the outgo on avoidable subsidies, a combination of both these things, or whether the true objective depends on who asks the question.

It seems far more likely that the unstated purpose of the scheme is to target the upwardly mobile class, but to do that, all Indian residents will have to be induced, by one means or another, to register themselves “voluntarily”.

Q4: Is enumeration via a single reference archive the best way to reduce inefficiencies and prevent money leakages in subsidy programs?

Most articles about Aadhaar (see, for instance, The Unique Identity number — putting all eggs in one basket?) harp on the superior quality of technology to be used, and that this will significantly cut the cost, time and hardship of necessary verifications.

The reality is somewhat different: to suggest that the UID assignation process will be robust enough to eliminate duplicate and fake identities, and can be verified and authenticated in an easy, cost-effective way, is somewhat premature, if not simply hype.

Some of the potential flaws in the process are listed briefly:

(a) digitally stored fingerprints are not image scans of real fingerprints, they are digital maps, reduced to a finite number of ‘points’. This computerised system was designed decades ago to cut down the time and effort needed to manually match thousands of prints of previously convicted criminals with a criminal suspect, not to provide perfect identifiers;
(b) digital representations of biometrics invariably allow for both false positives and negatives, as the original purpose is either to facilitate security pass-throughs for a relatively small number of people (convenience), or to rapidly filter through large numbers of images by pre-matching each image to a reduced set of digital markers;
(c) the value addition of iris scanning is unknown for testing on such a scale. The immediate cost is stupendous: per-identity costs go up from about Rs 31 to about Rs 450, but the results are not known, as such testing has never been done. This is quite different from scaling up a relatively reliable known procedure: iris scanning may well be quick and reliable (even after optimising it with a digital shortcut, and securing it from man-in-the-middle attacks during data transfers), but this is currently untested.

Again, it must be emphasised that the purpose here is mission-critical: every single genuine person must be allowed to move ahead with whatever activity is being filtered, without fail, or else the expenditure on UID is wasted.

Similarly, every single fraudulent attempt must be detected and stopped, without fail. Neither achievement is even claimed at this point in time.

By the time the database is created and verification scanners become commonplace, we could end up with a database with a population that exceeds the census figures, and UIDAI will again have to spend again for de-duplication, which would involve knocking on doors of suspected fraudsters (and genuine applicants who may have failed one of the tests or another, for a host of reasons) for identification. This is the present problem, that databases of applicants cannot be absolutely verified.

And it is not even as though the government is blind to the problem. Recently, the Rural Development Ministry launched its own revamped enumeration exercise to identify the poorest of the poor (who qualify for the designation ‘below the poverty line’, or BPL). This exercise is carried out every five years, and the current process is being revamped to eliminate the failures of previous surveys.

Q5. How effective is the conduct of the pilot studies being carried out?

Reports indicate that the rural studies being undertaken in several states fall short of standards of both accuracy and confidence. The National Census exercise, which has been merged this time with the National Population Register, at the urging of the UIDAI, is also contentious.

It is crucial, for a participatory democracy, that those surveyed be honestly and fully informed about the purpose of collecting personal information on such an intrusive and massive scale. Unfortunately, this appears not to be the case, as respondents later claim they were told that they would get free photographs and eye tests, or that this survey would assure them subsidies or the supply of free essentials.

Similarly, respondents of the National Census have been surprised to find that they are expected to reveal details of religion and caste, an enumeration that is against the letter and spirit of the Constitution of India. This has been sidestepped by replacing the census exercise with the creation of the National Population Register, a crucial component of the proposed UID database.

While doing this is evidently legal, it goes beyond the ambit of the Census. As such, it compromises the integrity of an institution that has an honorable and long history (the current Census is the 15th).

A recent article in the mainstream media describes how the trial runs take place: due to the lack of reliable electricity, officials take down data on laptops and even on paper, “to be transported to Bangalore some 75km away and filed electronically.” Will this data be erased from the laptops, and will the paper be destroyed? There’s not a word of caution in this article, which like many in this publication and others like it, seems uncritically laudatory of the mission (and by extension, its superhero-like leader). The thought of such personal information being casually or even criminally accessed, uncommonly easy due to the lack of safeguards, is frightening, or should be.

Q6. Will adequate precautions be taken to safeguard the database?

No system is completely immune to attack or, for that matter, internal leakages, other than one completely sealed off from outside links. Since a centralised digital identity store can only work when incoming data can be matched to the information in the database, one must take for granted that it will be prey to such attacks. This is the bane of all e-Governance scheme designs (Unique ID for Indians – Boon or Bane?).

Legally, there is no effective deterrent for such attacks. Worse, insiders (ie government personnel) are specifically protected by their sovereign work contracts from legal action, except with the specific permission of their superior officers. The existing laws on cybercrimes have not been tested against leakages in government systems, because their Draconian provisions (search and seizure without warrant, massive penalties) do not even apply to government servants.

There are three kinds of database faults: creational (deliberate or accidental falsification of identity, resulting in diversion of benefits from those entitled to them); design-based (incorrect verification due to compromise of the verification process, including man-in-the-middle attacks on data transfers); and procedural (for instance, when telecommunication faults or natural disasters create a need for rapid re-routing of verifications to alternate, or manual, methods). In the absence of an effective legal redressal framework, the process needs review, and should not proceed beyond the research stage.

Even at the research stage, the lack of judicial protection for the Constitutional right to personal privacy deserves highlighting. The conduct of research and live pilot studies inevitably places citizens and residents of India at risk of loss of privacy, particularly with regard to sensitive personal information, including biometrics. Much of this information is needed to safeguard property, ownership, both fixed and movable, especially money itself, and the addition of UID must be wholly positive, or else, not put property at risk.

UIDAI officials have repeatedly stated that such protection must be created, but its lack does not daunt them in practice from carrying out trial activities that in themselves place ordinary people at lifelong risk from abuse of personal information.

The consequences of wrongful identity matching, once UID becomes the standard reference point, are really harsh on the individual, and the current legal environment (civil cases take years and decades to resolve) is not up to the task of providing remediation.

For this reason alone, without completely foolproof systems in several areas of both technology and law (idealistic at best, if not far-fetched), going ahead with the UID is a deplorable waste of money.

To summarise, Ram and I narrowed down on six simple questions, to clear doubts about the deliverable merits of the Aadhaar scheme.

We find that firstly, it is not likely to provide benefits to the poorest of the poor in India, and secondly, is not designed to do so, definitely not in its first phase. We find that it is likely to benefit, on the contrary, the upwardly mobile part of the population, and the government, in the narrow terms of revenue collections, that may get enhanced due to the ease of tracking such well-off people and their financial transactions.

As far as solving the terrible problems that plague the delivery of benefits to the poor is concerned, a single reference point for verifications is neither the best solution known, nor is the exceeding difficulty of building and operating a centralised database achievable at a reasonable cost and effort. The systemic leakages that plague the delivery of social benefits hardly need misidentification, and that too, deliberate misidentification originating from faux beneficiaries. There is no clarity, therefore, on whether making this effort is sensible at all.

There is also no clarity on whether it will be possible to adequately safeguard the database, from its creation to its subsequent use as the ultimate reference. We found serious concerns with the methods being used to gather data in the pilot studies, that point to the possibility of future abuse, as well as manipulation of ill-informed people, in order to make them cooperate.

Advertisements

8 Comments

Filed under Democracy, development, governance, Privacy, social processes, technology

8 responses to “Without Foundation

  1. Please note that an Israeli scientist has found a way to tackle the issues of id theft and mis-usage of the information, by making the info one way only: If you claim that you are person A, we can check with the computer that your claim is correct. But nobody in the computer world, not the programmers, and not even the computers themselves, nobody and nothing can reconstruct an id from the information stored in the computers. There are no lists of people’s id information stored anywhere. Rather the information is scattered in a ONE WAY storage, so that you can check real world identification information and find out if that is correct according to the scattered storage, but you cannot ask the storage what the information was.

    Its like password protection, where you give a list of passwords into the system, there’s no way anyone can retrieve those passwords. All you can do is check if what you supply is one of the passwords. And then you can never use it again.

    • Vic

      This is somewhat what the Aadhaar scheme promises, with some changes. It claims the information will be one-way, that is, no-one should be able to extract the information, but there will still be a database. That is the first point of divergence, and potentially one of failure as well. Secondly, the information claimed to be used for verification is fingerprints, and in case that should fail, iris scans. Unfortunately, both of these have serious drawbacks as unique lifetime identifiers, and can only cause a different kind of havoc for poor people who are the supposed beneficiaries of this initiative. The root problem today is widespread corruption, and this will do nothing to prevent that. Only the focal point of leakage will move.

  2. This article is truer to its objective, than the reproduction : http://www.moneylife.in/article/7752.html

    Secondly, all this talk about one-way communication is just a lot of hot air. One way encryption has been a solved problem for a very long time – yet there have been more and more attacks (like the man-in-the-middle attacks) that completely neutralize the technology. One way storage is also something that there is a lot of support for : http://blogs.sun.com/roger/entry/distributed_storage_open_source_celeste

    The aadhaar code MUST be open source. No two ways around it. It doesnt mean that everyone will be able to hack it – quite the opposite, independent audits guarantee that it is indeed secure. You cannot depend on contractually obligated third parties to do that for you.

    Sadly, everyone talks about the biometric part – nobody is concerned about the security protocols and the database backends. Look at the amount of work done by the U.S. Govt (as opensource) in terms of security protocols for identity verification – http://www.nist.gov/itl/iad/ig/mbark.cfm http://www.openbiometricsinitiative.org/download.html
    http://shibboleth.internet2.edu/

    Where are our studies about this ? The whole system is not biometrics and de-duplication. The most critical aspects of the system is storage, search and communication – where are ANY discussions on that ?

    • Vic

      The art of good magic is misdirection. By creating a public controversy about biometrics, the relevant issues are completely sidelined. At one fell swoop, the whopping sum of Rs 7,000 cr has been budgeted this year for enrollment of people in a database that does not even have the most rudimentary Parliamentary approval, never mind detailed discussion on the operational risks and likelihood of developing a practical system (which has not been done anywhere else) as proposed here.

      • Sorry.

        I did not realize what the main issue was in India. I’m from Israel, with a tiny population compared to yours, ALL with ID and technology.

      • Vic

        What are the fallback arrangements for failures ie if the verification point is equipped with a fingerprint reader, how do they deal with an amputee? If the person is in fact genuine, what is the maximum time allowed for detention while fallbacks are being applied, in order to avoid harassing people? What recourse is made available for people detained unnecessarily due to failures in the system? If such systems are used to provide subsidies, what level of delays are permitted for multiple levels of verification?

        And what compensations are provided for in case of data leakage? What is the law regarding personal privacy?

  3. The blog referred to here- Aadhaararticles.blogspot.com does not exist.
    Has it been deleted?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s