Uniquely identifying the Unique Identification process

Unique identification for every citizen of India is an ambitious project that is currently underway. The project is carried out by the Unique Identification Authority of India (UIDAI) and the unique identification is called Aadhar. It is my personal opinion that the process of uniquely identifying all Indian citizens (at a National level) is long overdue. Here are some of the finer aspects of UID’s project that are yet to be cleared up.

Obtaining data at a grass root level
Identifying citizens have been done numerous times by a myriad of agencies with in the government such as Income Tax (by creating Permanent Account Numbers) and External Affairs (by providing passports). What lies common to both these agencies is a need that is created for the citizen; to operate a bank account you need a PAN or to travel outside India you need a passport. In the case of UID the need is not clearly attached or maybe not clearly communicated. Hopefully soon all government interactions will require an Aadhar but, I think Aadhar should start at birth (at registering a new born).

Collecting biometric information such as finger prints and iris scans is definitely a leap forward in unique identification. Although codifying biometric information is not that difficult, however finding duplicates is an enormous task. I’m not sure if India has the computing power to find duplicates from the biometric data that is being collected, within a reasonable time frame. This is not to say that duplicate Aadhars will not be found, but for the short-run, it maybe possible to get multiple Aadhars! Watch out

Financial feasibility
A few weeks ago, my company got an enquiry to collect data for the UIDAI. A sub vendor was looking for a company that has the ability to invest resources (people and money) to help UIDAI collect data within a few specified districts. Initially I was shocked to learn that sensitive data collection was being outsourced to private companies. Later I learnt that there are security measures embedded within the data collection that may prevent tampering. Though I shall not question the eligibility of these companies to collect data, I question their ability to collect so much data in a sane and verifiable manner.

Why would these companies need to outsource this function and still maintain the risk of data tampering? My guess would be that these companies would be on priority for further projects, and most of the data cannot be verified by the government unless the citizen complains (who complains about their biometrics?)

Here are some numbers to keep this article interesting: the offer to my company was Rs 22 per registered citizen. Assuming an 8 hour day and around 8-9 minutes per registration (each registration includes, a photo, finger print, retinal / iris scan, document verification and some brief data entry) will result in a revenue of Rs 171600 per month for a single station. To make a nice round figure let’s look at 5 station and the initial expenses as fees and equipment for 5 stations comes to Rs 2154705.

Taking 3 years as depreciation for electronic equipment, and doing some math, the loss is approximately 1.26 lakhs per month! Now, if we work backwards, to break even, we should be able to process each registration under 4.5 minutes. What is the feasibility that the 5 step registration process will be completed at an average of 4.5 minutes? My experience with getting a voter’s ID having 3 steps was nearly 15 minutes! With these numbers there is going to massive cost over runs and selected private companies will have the opportunity to make a killing profit.

Data access and data sharing
According to UIDAI website, the security of data that resides with UIDAI seems to be rather well done. However, having a central data repository is of no use if data is not allowed to be extracted from it! The querying mechanism is not yet clear but the query response to see if an Aadhar is true is just a yes or no. No other data seems to be shared.

So on one hand the biometric data that we provide of ourselves is secure, but it is of no use, other than saying, yes a particular Aadhar number exists. However, if the reverse were true, i.e. if I provide a retinal scan a government agency can pull up my Aadhar number and associated information, then it’s a worthwhile system.

When there is a centralised system about individual information, there are numerous social implications if this system fails. I shall not go into privacy laws, so here are some links for further reading:

Existing Data
What about all the data about individual identity that is already collected, for example, on state ration card, voters ID, LPG connections. How will Aadhar connect all these different databases? Will it be the responsibility of the individual to go and present their Aadhar number to each government agency and update their information? This is definitely going to create a messy situtation!

Overall, I eagerly look forward to my Aadhar number!