All about a number: UID for Dummies: Part II

What are the concerns with the UID? – talking biometrics, privacy, data security, surveillance. Where else has UID been implemented globally? Are there other databases like this? The final part of a handbook on UID

What are the concerns with the UID? – talking biometrics, privacy, data security, surveillance. Where else has UID been implemented globally? Are there other databases like this? This is the final part of a handbook on UID written by Simi Chacko and Pratiksha Khanduri, graduate students at JNU and DSE respectively.

[Editor’s note]: Below is the full text (unedited) of a handbook called UID for Dummies, released in August 2011. The handbook has been written by Simi Chacko and Pratiksha Khanduri of JNU and DSE respectively, and addresses questions, procedures and concerns that many of us have regarding the UID project. The views expressed in this handbook are those of the authors alone.

Part 1 of the Handbook can be readhere.

D. Concerns: Biometrics, Privacy, Data security, Surveillance

Q. 20. What are biometrics?

UID Thumbprint

UID Thumbprint

Biometrics is the science of identifying persons based on their physical (e.g. fingerprints) or behavioural (e.g. voice) traits. It builds on the fact that individuals are physically and behaviourally unique in many ways. Technically, biometrics has been defined by experts as “the automated recognition of individuals based on their behavioural and biological characteristics. It is a tool for establishing confidence that one is dealing with individuals who are already known (or not known)—and consequently that they belong to a group with certain rights (or to a group to be denied certain privileges).”

Post “9/11”, many countries have overhauled their surveillance mechanisms through legislations and technological upgrades, and subjected the public to scrutiny. When this revamp began, the use of biometrics came to be seen as inevitable. Fierce debates emerged, as opponents have raised strong arguments against intensive monitoring, profiling and invasion of privacy. Though some of these objections stem from exaggerated fears of being victimised by government agencies wielding excessive power, others are not unjustified.

Q. 21. What are the technological concerns that face UID?

Many concerns have been expressed about the technological feasibility, reliability and safety of the UID project. Here are some.

A recent NASSCOM document, prepared by Dr. Kamlesh Bajaj, points out that since the UID database has to be accessible over networks in real time, it involves major operational and security risks – as with any such applications. If networks fail or become unavailable, the entire identification system may collapse. Biometric and other data may become a target for hackers and other malicious entities. “Such a system is also prone to functional creep (secondary uses) and insider abuse. There is also a significant risk of transmitting biometric data over networks where they may be intercepted, copied, and actually tampered with, often without any detection”.

Another concern is the reliability of biometrics. For instance, since iris development does not take place till the age of 7 years and children do not have sharp patterns of fingerprints till they are 15, giving children UID numbers is a huge challenge. Also, worn-out fingers of farmers and manual labourers will be difficult to scan, and an iris scan can’t be done on people with corneal blindness or corneal scars. Some experts also argue that manufacturers have not been able to put into practice a fingerprint system that can effectively distinguish human fingers and artificial fingers of silicon, rubber, acrylic, paint, etc.

Aside from the costs of employing such a system, inclusive of not just the financial expenditure, but also of the time and effort it takes to enrol individuals and collect their biometric data, 100% reliability in authentication can never be guaranteed. A large proportion of biometric trials have been conducted in the “frequent traveller” setting, among volunteers who are primarily white male professionals in the 20-55 age groups. Diverse conditions will throw up more challenges to such a system.

Q. 22. Does UIDAI currently function under the purview of a law?

Ironically enough, UIDAI has been on an enrolling spree since September 2010 without a law sanctioned by the Parliament. However, as we saw, the proposed NIAI Bill seeks to establish the National Identification Authority of India (NIAI) as a statutory authority and lay down rules, processes and safeguards concerning Aadhaar. The NIAI would consist of a chairperson and two part-time members. The bill also authorizes the creation of an Identity Review Committee, designed to monitor usage patterns of UID numbers.

Biometrics: Reliable or Fallible?

Pic courtesy: biolab

Pic courtesy: biolab

Over the years, biometrics are being used more and more for a wide variety of purposes, such as to “recognize individuals and regulate access to physical spaces, information, services, and to other rights or benefits, including the ability to cross international borders.”

Here’s why biometric systems have a shaky base:

 Variation within persons: Biometric information may be affected by changes in age, environment, disease, stress, occupational factors, training and prompting, intentional alterations, socio-cultural aspects of the situation in which the presentation occurs, changes in human interface with the system, etc.

 Sensors: “Sensor age and calibration, how well the interface at any given time mitigates extraneous factors, and the sensitivity of sensor performance to variation in the ambient environment (such as light levels) all can play a role.”

 Feature extraction and matching algorithms: “Biometric characteristics cannot be directly compared but require stable and distinctive ‘features’ to first be extracted from sensor outputs”. For example, every finger of an individual will generate a different image due to external factors such as dirt, moisture, etc. Therefore these multiple impressions from one finger can be matched by good algorithms to the correct finger source.

 Data integrity: “Information may be degraded through legitimate data manipulation or transformation or degraded and/or corrupted owing to security breaches, mismanagement, inappropriate compression, or some other means.”

Also, social, cultural and legal factors come to have a bearing on such a system’s acceptance by its users, its performance, or whether a system like this should be adopted in the first place. Such factors need to be unequivocally taken into consideration while designing the system. That is to say, the effectiveness and accuracy of the system is contingent on user behaviour which in turn is shaped by the larger social, cultural and legal context.

“When used in contexts where individuals are claiming enrolment or entitlement to a benefit, biometric systems could disenfranchise people who are unable to participate for physical, social, or cultural reasons. For these reasons, the use of biometrics— especially in applications driven by public policy, where the affected population may have little alternative to participation—merits careful oversight and public discussion to anticipate and minimize detrimental societal and individual effects and to avoid violating privacy and due process rights.” (p. 10)

Another disquieting aspect of biometric systems is the potential for misuse of power. Many experts have suggested that such fears must be addressed with all seriousness.

Although biometric systems have penetrated many areas, like identifying terrorists, criminals, personalization of social services, better control of access to financial accounts, etc, yet, a number of unsettled questions remain regarding the effectiveness and management of systems for biometric recognition, as well as the appropriateness and societal impact of their use. It looks set to expand into more areas but the intrinsic concerns of such a system have clearly not been adequately addressed. Not even close.

Source: Biometric Recognition: Challenges and Opportunities, Joseph N. Pato and Lynette I. Millett (eds.); Whither Biometrics Committee, National Research Council, 2010.

Though the information gathered by the NIAI may be shared with other agencies with the consent of the UID number holder, in this bill, the safeguards for protection of privacy of individuals are weak. Under Clause 33 (b), the NIAI is required to disclose identity information in the interest of national security, if so directed by an authorised officer of the rank of Joint Secretary or above in the central government. The safeguard for protection of privacy differ from the Supreme Court guidelines on telephone tapping; these permit phone tapping under threat of “public emergency” for a period of six months, while information gathered by UID can be shared in the interest of national security, offering no review mechanism.

This leaves space for profiling and surveillance of individuals by intelligence agencies, as nothing in the bill prevents them from using the UID to “link” various databases (such as telephone records, air travel records, etc.). This kind of a system could lead to persecution of innocent individuals who may get tagged falsely as potential threats.

As far as “Offences and Penalties” are concerned in this bill, it holds that no court shall acknowledge any offence except on a complaint made by the NIAI. This effectively exempts NIAI of any public accountability. This heavy concentration of power in a single authority is alarming and raises grave doubts about just how transparent this system really is.

Q. 23. How does UID impact privacy concerns in India?

Internationally, there is growing concern about privacy and its protection. In India, however, paying lip service to this issue once in a while is as good as it gets. (Although in May 2000, the Indian government passed the Information Technology Act, a set of regulations meant to provide a comprehensive regulatory environment for electronic commerce).

Despite all assurances about protection of sensitive information on mass scale, it must be acknowledged that any database that stocks up such personal information brings with it the risk of misuse by various agencies be it public or private, impinging on an individual’s privacy. Even UIDAI chief Nandan Nilekani has conceded, on record, that the country needed well-defined privacy laws to prevent any malicious use of data. Regarding the possibility of data being misused, he said that the only service provided by the UIDAI was that of authentication.

In the NIAI Bill, there are sketchy descriptions of offences like “intentionally” accessing the UID database and damaging, stealing, altering or disrupting the data. But it provides no means for a person whose data is stored to know that such an offence has been committed; and it does not allow prosecution to be launched except on a complaint made by the authority or someone authorised by it.

So, given the lack of privacy laws in India, “convergence” of the UID database with other systems could spell a lot of trouble.

A related danger is “tracking”. This stands to alter the relationship between the state and the citizen. With the integration of databases, the state would have enormous power to track people’s movements and communications, or to profile them.

Q. 24. Is there a redressal mechanism?

It is unclear as to how errors and inaccuracies in the UID database will be corrected as they emerge. Under the proposed NIAI Bill, if someone finds that his/her “identity information” is wrong, he/she is supposed to “request the Authority” to correct it, upon which the Authority “may, if it is satisfied, make such alteration as may be required”. So although there is a legal compulsion to alert the Authority, there’s no right to correction.

E. UID and Other Databases

Q. 25. What is NATGRID?

Inauguration of the UID scheme and issue of first UID card. Pic:

Inauguration of the UID scheme and issue of first UID card. Pic:

In a lecture he gave at the 22nd Intelligence Bureau Centenary Endowment in December 2009, Home Minister P. Chidambram announced that the central government had decided to create a National Intelligence Grid (NATGRID). “Under Natgrid, twenty-one sets of databases will be networked to achieve quick seamless and secure access to desired information for intelligence and enforcement agencies,” he said. Under this, the UID number of each individual will become the link between the different databases. These databases would be integrated with information available not just with government agencies and public sector, but also private organizations such as banks, insurance companies, stock exchanges, airlines, railways, telecom service providers, chemical vendors, etc. This would give security agencies the power to access sensitive personal information such as bank account details, market transactions, websites visited, credit card transactions etc.

In the 2011-2012 budget, NATGRID got an allocation of Rs. 41 crores. With an estimated overall budget of Rs 2,800 crores and a staff of 300, NATGRID is supposed to be a “world-class” measure for combating terrorism and dealing with internal security threats. NATGRID is headed by Captain Raghu Raman, former Chief of Mahindra Special Services Group.

Telecom and internet service providers will be obligated by regulations to link up their databases with NATGRID: “The databases so far identified for being linked in the grid include those of rail and air travel, phone calls, bank accounts, credit card transactions, passport and visa records, PAN cards, land and property records, automobile ownership and driving licences.” In India, a citizen has virtually no legal protection against government surveillance. In a petition filed by People’s Union for Civil Liberties (PUCL) in 1996, the Supreme Court ruled against arbitrary surveillance. This was overturned by Parliament with the passage of the Information Technology (Amendment) Act 2008. No political party raised any objections when the government passed this Act, which removed certain safeguards against surveillance.

In a case pertaining to invasion of privacy, pending before the Delhi High Court, the Court observed: “We have no clear definition of what is meant by ‘invasion of privacy’ within the RTI Act.”

Then in February 2010, the Cabinet Committee on Security expressed its reservations to the Home Ministry about protection of individuals’ privacy within NATGRID and its zealous goals, and held up its development till the ministry prepared a detailed report on “inbuilt safety mechanism.”

That wasn’t the only hiccup. Even Finance Minister Pranab Mukherjee adopted a cautious tone in a hand-written note addressed to NATGRID’s CEO, Raghu Raman. “Intrusion into privacy of the bank depositors is just not acceptable as it will discredit the banking system and the people will start using other modes for securing their funds and carry on transactions,” said Mukherjee. This was a reaction to Raman’s efforts at giving directives to the Reserve Bank of India (RBI) to allow his organisation access to individual savings accounts through the district magistrates to identify the “terror money trail”.

Q. 26. What is Crime and Criminal Tracking Network and Systems (CCTNS)?

The Crime and Criminal Tracking Network and Systems (CCTNS), on the other hand, with an outlay of Rs 2,000 crores, aims at creating a comprehensive and integrated system for enhancing the efficiency and effectiveness of policing at the police station level through interlinking CCTNS with UID. It would facilitate exchange of data on criminals. Around 20,000 police stations, courts, fingerprint bureaus, forensic laboratories etc., will be linked on a national databank, thereby helping people to lodge and track complaints on line. Linking of UID with such e-governance projects will lead to consolidation of data and greater profiling by the state.

Q. 27. What is the National Population Register (NPR) and how is it linked to UID?

The arduous task of providing over a billion people with a UID number also overlaps with the mandatory Census of 2011, which will ultimately lead to the establishment of the National Population Register (NPR). The NPR project has not been initiated under the Census Act, 1948. It is being carried out under the Citizenship Act of 1955 (after an amendment was made) and the Citizenship (Registration of Citizens and Issue of National Identity Cards) Rules 2003.

After a cabinet meeting in March 2010, chaired by Prime Minister Manmohan Singh, the creation of NPR was approved. “The project would cover an estimated population of 1.2 billion and the total cost of the scheme is Rs 3,539.24 crores,” Information and Broadcasting Minister Ambika Soni told reporters. She said the creation of a digital database with identity details of all individuals along with their photographs and finger biometrics “will result in the creation of a biometrics based identity system in the country… will enhance the efficacy of providing services to the residents under government schemes and programmes, improve the security scenario and check identity frauds in the country”.

Data for the NPR will be collected along with the house listing and housing census which started in April 2010, and was supposed to be completed by September 2010. The NPR database, on being finalized, is to be sent to the UIDAI for biometric de-duplication and allocation of a UID number. “This number will be added to the NPR database,” Soni said.

Little is known about how the government plans to integrate UID with NPR. In the village of Tembhali, both were meant to work together in capturing biometrics. The Census Office (also known as the Registrar General of India) has been given the authority to collect the biometric data through an Act of Parliament. But the information recorded by the private enrolment agency working for UIDAI is different from the details captured by the census enumerators. Unique identity numbers were meant to be issued by the agency based on the information recorded for NPR. This meant that while every Indian resident would have an NPR card and a UID number, the enrolment was meant to be carried out by the Census office .

But for now it looks like the private registrars working on behalf of UIDAI do not have access to the digitised NPR information and have started the collection process again. In a recent report, it was found that in Sahada, a tehsil in Nandurbar (Maharashtra), the residents were being enrolled again even though they were the first recipients of UID cards in the country last September. Tera Software Limited, the registrar in Sahada, has been collecting information which doesn’t match with the details collected by the census office. While the census captured demographic data such as name, address, educational qualifications etc, the UID enrolment form has been asking residents to fill up information such as voter card number, PAN number, LPG connection number, etc.

Recently, UIDAI put forward a request to the government for an additional Rs. 15,000 crores to enrol the population by capturing the biometric data by using its own agents.

This means that if both Census and UIDAI carry out their own enrolments, it would cost the government an additional Rs 10,000 to 40,000 crores. Also, while the UID is doling out incentives for people to register, NPR has no such plans. Because of this, states such as Rajasthan, Madhya Pradesh and Gujarat have opted out of NPR. While UIDAI has relied on 209 registrars as part of its “outsourced service oriented” infrastructure, concerns have been raised about private enrolment agencies handling personal data such as bank account details.

The risk of misuse gets greater as some of the enrolment agencies such as Alankit Assignments, Alankit Finsec and Alankit Lifecare have a stake in the healthcare and insurance sectors. Some private enrolment agencies such as Tera Software have been found sub-contracting the work to other firms without government approval. A group of central public sector firms and the Department of Information Technology are responsible for capturing biometric data for NPR. Concerns were raised by the Standing Finance Committee of the Parliament for the Ministry of Planning about UIDAI collecting biometric data without any legal approval.

There are critical arguments against such linking of data. Says law researcher and rights activist Usha Ramanathan: “There is an express provision regarding ‘confidentiality’ in the Census Act, which is not merely missing in the Citizenship Act and Rules but there is an express objective of making the information available to the UIDAI for instance, which marks an important distinction between the two processes. Section 15 of the Census Act categorically makes the information that we give to the census agency ‘not open to inspection nor admissible in evidence’. The Census Act enables the collection of information so that the state has a profile of the population; it is expressly not to profile the individual.”

She continues, “The information gathered in the house-to-house survey, and the biometrics collected during the exercise, will be fed into the UID database. This will provide the bridge between the ‘silos’ of data that are already in existence, and which the NPR will also bring into being.”

And now to briefly turn to UK’s experience when the proposal of initiating a National ID system was in consideration. It saw a multitude of arguments from civil society activists and the media about the issue. “The government wants to reassure us. It says it’s trustworthy; it says there’s a lot of scattered data out there about us anyway – surely it’s just common sense to link it up? Yet security experts know that the linking and aggregation of detailed personal information on this gigantic scale will be unstable and dangerous to everyone, because of the depth of what it reveals, because of its secrecy and because it will present a vulnerable target for electronic attack, whether by hostile governments, by international terrorism, or by your spiteful colleague,” says Christina Zaba, a journalist and activist.

Q. 28. How is UID related to NATGRID, CCTNS, NPR and other databases?

The UID number will be fed into a database to be shared with NATGRID, which includes 11 security and intelligence agencies (Intelligence Bureau, Research and Analysis Wing, CBI, Central Boards of Excise and Direct Taxes, etc). This kind of cross agency interlinking will enable them “to detect patterns, trace sources for monies and support, track travellers, and identify those who must be watched, investigated, disabled and neutralized”.

“There are presently various pieces of information available separately, and held in discrete ‘silos’. We give information to a range of agencies; as much as is necessary for them to do their job…The ease with which technology has whittled down the notion of the private has to be contained, not expanded. The UID, in contrast, will act as a bridge between these silos of information, and it will take the control away from the individual about what information we want to share, and with whom,” says Usha Ramanathan.

Q. 29. Is there a role for private sector firms in the UID project?

There’s a good reason why the UID project is getting a unanimous thumbs up from the corporate sector. Initial estimates suggest that the project will create 1,00,000 new jobs in the country, and business opportunities worth Rs 6,500 crores in the first phase.

The UID project, built on the PPP model, is a complicated system that depends on complex technology. Aside from issuing UID numbers, the UIDAI is expected to act as a regulatory authority, manage a Central Identities Data Repository (CIDR), update resident information and authenticate the identity of the residents as required.

UIDAI has awarded four consortia (Accenture, Mahindra Satyam, Morpho and L1-Identity Solutions) to implement core biometric identification systems in support of the Aadhaar programme. Essentially these four agencies would design, supply, install, commission, maintain and support the biometric identification subsystem. They would also be involved in the development of a software development kit (SDK) for client enrolment stations, the verification server, manual adjudication and monitoring functions of the UID application.

As far as Accenture is concerned, the terms of its initial contract will run up to two years or until 200 million enrolments have been registered (whichever comes first). Along with Accenture, the team includes Daon, a leading global provider of biometric technologies, and MindTree, a Bangalore-based global IT company that delivers innovative technology solutions. L-1 Identity Solutions is a large American defense contractor in Connecticut. It was formed in August 2006 from a merger of Viisage Technology and Identix Incorporated. It specializes in selling face recognition systems, electronic passports such as Fly Clear, and other biometric technology to governments such as the United States and Saudi Arabia. It also licenses technology to other companies internationally, including China.

Also, the contracts for purchase of biometric devices have been bagged by Tata Consultancy Services (TCS), HCL Info Systems Ltd, Base Systems Pvt Ltd, 4G Identity Solutions Pvt Ltd, e-Smart Systems Pvt Ltd.

Private players are set to reap the benefits. “We considered 2009 as a launch year for the expo entirely focused on homeland security and we saw over 130 companies from 15 countries participate. Next year we expect larger participation, especially from the US and European countries including France and Russia,” Mehul Thakkar, marketing manager of INDESEC, said.

Q. 30. More than meets the eye?

With regard to L1 Identity Solutions, it is interesting that former Central Intelligence Agency (CIA) and other American defense organisations’ officers are now working in the capacity of directors and other positions in the top management of the company. While that is not exactly illegal, it has overtones of inappropriateness. George Tenet, former director, CIA, is on the board of directors of L1 Identity Solutions, among other similar organizations, and has been accused, not without reason, of profiting from the involvement of such companies in the Iraq war. Also Safran, a French company, acquired L-1 Identity Solutions following the sale of L-1’s intelligence services businesses to BAE Systems. After giving effect to the BAE Systems transaction, L-1 will consist of Secure Credentialing Solutions, Biometric and Enterprise Access Solutions and Enrolment Services.

In the United States, L-1 not only manages the state driver’s license business but is also engaged in the production of all passports, provides identification documents for the Department of Defence and has contracts with nearly every intelligence agency in the government. L-1 was rejected by US government agencies on grounds of low quality of its biometric cards. In June 2010, a support contract unit of L-3 Communications Corp said it was de-listed from providing service to any federal agencies in the US. The support contract unit was providing aircraft maintenance and logistic support to the US Air Force. The unit allegedly used government computer networks to collect data to promote its own business. In September 2010, the company received US$ 24 million for the project from the UIDAI. The company has already shipped some units of the Agile TP fingerprint slap devices and mobile iris cameras. In a Forward Looking Statement the company said it hopes to complete the remainder of the shipment by March 2011.

Mark Lerner, who is with the Constitutional Alliance (an American non-profit educational organisation) and is also the author of the book Your Body is Your ID, says: “To a large extent it is fair to say that your personal information is L-1’s information. L-1 is the same company that thinks our political party affiliation should be on our driver’s license along with our race.” Commenting on L-1’s acquisition by Safran, he continues: “Just think about how happy you can feel now knowing that your personal information including your social security number and biometric information (fingerprints, iris scans and digital facial images) may soon be available to a French company. The federal government must sign off on the deal before the deal can be sealed. All this brings us back to the topic of the revolving door that exists between government and corporations.”

The prospect of such companies having a deep reach into the massive sensitive UID database would make any person weary.

Q. 31. Are there any other business interests in UID we should be concerned about?

Yes. For instance, there is a vast potential for UID applications in the field of marketing. UID seems set to facilitate charting of consumption patterns to an integrated pan India database which “would work towards promoting India as an accessible market place for banking, financial and other institutions”. This is possibly going to alter the idea of citizenship drastically in the end.

Addressing the Nielsen Company’s “Consumer 360” event in New Delhi on 25 November 2010, UIDAI Chairman Nandan Nilekani said that over a third of India’s 1.1 billion “consumers” had been largely overlooked in areas such as banking and social services.

“The (unique identification) number will create a much more open marketplace, where hundreds of millions of people who were shut out of services will now be able to access them,” he told business leaders, adding that the poor find it difficult to reach the market. “Their anonymity limits agencies from providing them services that are remotely available, and that could be accessed through a mobile phone,” he said.

There is a definite move in the industry to co-opt the public on the use of sensor technology and how it can radicalize everyday life. According to Infosys’s chief executive officer S. Gopalakrishnan, sensor technologies integrated with IT networks, cloud computing, and the mobile internet “will drive investment, and change how companies automate business processes in the future”. Integrated sensor technologies are attuned to identifying a customer entering a store and offer her new products and customized discounts based on her prior buying behaviour, he adds.

The use of biometrics in consumer ID applications worldwide are projected to grow at a Compound Annual Growth Rate (CAGR) of around 27% between 2010 and 2012. With advancements in sensor technology and algorithms, biometrics seems to have become a choice for the financial services industry as well.

F. Similar Initiatives across the World

Q. 32. How have other countries approached such projects?

Debates about systems of national identification have been taking place worldwide for a long time, but with a growing intensity in the last few years. Technological progress and the current socio-political scenario have led to growing support for complex ID systems from governments and particular sections of the population. Below is a brief description of similar projects across the world (for country-specific details, see Appendix 2).

Some of the most prolific examples of National ID programmes and their subsequent outcomes can be seen in Australia, UK and the US. Australia witnessed perhaps the fiercest opposition to national ID cards. In 1985, there was a proposal to introduce these cards (mostly for curbing tax evasion) but due to severe backlash from activists and citizens, backed by strong media support, it was withdrawn in 1987.

The Real ID Act passed by the US in 2005 has also been opposed by many states on grounds of privacy and threat to data security. As a compromise, the Obama administration, in 2009, introduced Pass ID in the Congress. The Pass ID Act sets strong security standards for identification cards and driver’s licenses. However, it does not collect personal information of individuals and store it in a centralized database, accessible by any state authority, as the UID project does.

After many deliberations and public debates, the “UK National Identity Card Scheme” was scrapped in 2011 by the Conservative-Lib Dem Coalition. Some of the primary reasons cited were the cost of implementing the scheme (£4.5bn) and the infringement of civil liberties. Among European nations, many have ID cards, voluntary or mandatory. An interesting case is that of Germany. Starting in November 2010, German ID cards were incorporated with RFID chips containing personally identifiable information including a biometric photo and, if desired, two fingerprints. After a group hacked the new national ID system, live on TV, Germany’s Federal Office for Information Security acknowledged that the card’s PIN can be cracked using trojan malware, similar to keylogging software.

Some West Asian countries are planning to issue “smart” ID cards, with Oman taking the lead. The ID card in Oman stores fingerprints, but information on the card is not given to all government agencies nor the private sector.

In Asia, one country worth mentioning is Malaysia, which has made a successful transition to a smart card containing personal information including health details and driving licenses. Taiwan’s attempts to introduce a national ID card with fingerprints met with severe opposition due to privacy issues. In China, there was a system of providing ID cards, containing very basic information, since 1985. In 2003, the card was legally updated for law and order purposes and comprised of a chip storing additional information. By 2004, the government introduced the “second generation” mandatory ID cards, which had a small storage capacity, therefore restricting information to name, gender, ethnicity, residence and date of birth – but decided against it as this huge system was found to be very challenging to handle and of doubtful reliability.

Given this context, it becomes glaringly obvious just how pervasive and intrusive the UID system is set to be, far more than any of the systems that have been rejected elsewhere. Some people argue that just because countries like the US, UK and Australia were not able to implement or simply scrapped similar programmes, doesn’t mean India cannot do it – India can be a leader in implementing such an ambitious programme. But then again, isn’t it sensible for a “global” nation like India to learn from the experiences of other countries – the very same ones a section of the population believes India aspires to be like?


It is important to understand that implementing a national ID system of this magnitude is poised to alter the way we live as well as the relationship between the citizen and the state. As Graham Greenleaf, an Australian data protection expert and one of the pioneers of the anti-ID card movement, puts it: “Is it realistic to believe that the production of identity cards by children to adults in authority to prove their age will be ‘purely voluntary’? The next generation of children may be accustomed to always carrying their Cards, to get a bus or movie concession, or to prove they are old enough to drink, so that in adult life they will regard production of an ID card as a routine aspect of most transactions.”

The UID project has the potential of being a financially exorbitant and socially invasive debacle, given that it is the largest national ID card project in the world, in scale and scope. Instead of the government becoming more accountable to its citizens, this system lays the burden on the governed. Of course, if the project succeeds, it may have useful applications too. But does this justify the kind of intrusion that UID is set to create into people’s lives? Perhaps what would help is a meaningful dialogue with various sections of society, with ample space to debate the implications of such a project and even reconsider it.

This is a booklet on UID released in August 2011.

Simi Chacko and Pratiksha Khanduri are graduate students at Jawaharlal Nehru University (JNU, New Delhi) and the Delhi School of Economics, respectively (You can write to them at

The primer relies on official documents (such as the UIDAI’s “Strategic Overview”, “Handbook for Registrars”, “UID and Public Health” paper, etc) as far as the official side of the picture is concerned. This is complemented with other publicly available material, e.g. newspaper articles, reports, interviews, public lectures, websites, etc. The authors wish to thank Reetika Khera and Jean Drèze for their useful inputs and insightful comments.

The future is not a result of choices among alternative paths offered by the present, but a place that is created--created first in the mind and will, created next in activity. The future is not some place we are going to, but one we are creating. more


  Top Stories on TA

  Top Stories in SOCIETY

   Get stories like this in your inbox

The future is not a result of choices among alternative paths offered by the present, but a place that is created--created first in the mind and will, created next in activity. The future is not some place we are going to, but one we are creating. more
   What's Good

Discuss this article on Facebook