http://www.frontline.in/stories/20130322300509300.htm<http://www.google.com/url?q=http%3A%2F%2Fwww.frontline.in%2Fstories%2F20130322300509300.htm&sa=D&sntz=1&usg=AFQjCNG0GefEt40d8_NWJmIrMHA6BYtBDA>

*AADHAAR PROJECT*

*Dispelling the haze*

USHA RAMANATHAN

*That the lawmakers of the country have found themselves in a haze of
incomprehension about the UID project, which is being promoted as a “game
changer”, is deeply unsettling.*

VIJAY VERMA/PTI

*United Progressive Alliance chairperson Sonia Gandhi presents an Aadhaar
ATM card to a beneficiary at the launch of the Delhi Annashree Yojna in New
Delhi on December 15, 2012. Chief Minister Sheila Dikshit (left) and UIDAI
Chairperson Nandan Nilekani are also seen.*

MANY Union Cabinet Ministers are confused about the government’s Unique
Identity (UID), or Aadhaar, project. At a Cabinet meeting held on January
31, there was confusion regarding this issue, with some of them reportedly
wanting to know whether the UID was a card or a number. This is an attempt
to clarify some basic issues about the UID project.
*

Is the UID a card or a number?
*

The UID is a 12-digit number. It is not a card. What is sometimes mistaken
for a “card” is only the intimation that the issuing authority, the Unique
Identity Authority of India (UIDAI), sends to a person who has been
allotted a number.

The enrolling agency collects a person’s demographic information —name,
address, gender, age, and for children, details of parents/guardian—and
captures the biometric information—prints of all 10 fingers, scans of both
irises and the photograph of the face.

The UIDAI then has the data “de-duplicated” by cross-verifying them against
its database to check whether the person is already enrolled and has been
issued a number. Since a person could enrol multiple times with a changed
name or address, the accuracy and usefulness of the system depend on
biometrics.

The UID is, therefore, a number that is linked to a person’s fingerprints
and iris scans on a database.

*Do we know for sure that fingerprints and iris are unique and reliable
metrics?*

The truth is we do not. And this is an area of concern, especially as the
UID project seeks to make these the key metrics of a person’s identity.

In February 2010, the UIDAI issued a “notice inviting applications for
hiring a biometric consultant”, which contained this candid admission:
“While NIST [National Institute of Standards and Technology, the United
States agency that studies biometrics technology in the context of its
application to public policy] documents the fact that the accuracy of
biometric matching is extremely dependent on demographics and environmental
conditions, *there is a lack of a sound study that documents the accuracy
achievable on Indian demographics (i.e., larger percentage of rural
population) and in Indian environmental conditions (i.e., extremely hot and
humid climates and facilities without air-conditioning). In fact we do not
find any credible study assessing the achievable accuracy in any of the
developing countries”* 1(emphasis added throughout).

Then, between March and June 2010, the UIDAI did a proof of concept (PoC)
study of biometric enrolment. The report, uploaded in February 2011,
concluded that it had “validated one hypothesis regarding biometric
enrolment”—that iris enrolment was “not particularly difficult” and
“dramatically improved” accuracy levels and the “accuracy levels necessary
for the de-duplication of all residents of India are achievable”. But what
sticks out is a paragraph in the report: “The goal of the PoC was to
collect data representative of India and not necessarily to find
difficult-to-use biometrics. *Therefore, extremely remote rural areas,
often with populations specialising in certain types of work (tea
plantation workers, areca nut growers, etc.) were not chosen. This ensured
that degradation of biometrics characteristics of such narrow groups was
not over-represented in the sample data collected.” 2*

In July 2010, it was reported that a 2005 paper by researchers at the
Rajendra Prasad Ophthalmic Institute in Delhi estimated that there were six
to eight million people in India with corneal blindness. It further
identified the issue of cataract, which resulted from nutritional
deficiencies and prolonged exposure to sunlight and ultraviolet rays, and
corneal scars caused by injury or infection of the cornea.3These are
clearly problems essentially pertaining to the labouring masses, the aged
and the disabled.

In March 2012, the UIDAI readied its report, “Role of Biometric Technology
in Aadhaar Authentication”. Authentication is the process by which a
person’s biometric detail is used to establish or verify his or her
identity.

The report dislodges the common assumption that the print of the thumb and
the index finger can be used to identify a person. It appears that for 55
per cent of those tested, these fingers did not work as their “best
finger”. The report recommends a “Best Finger Detection” process. “The best
finger to be used for authentication depends on the intrinsic qualities of
the finger (for example, ridge formation, how worn out they are, cracked,
etc.) as well as the quality of images captured during enrolment process
and the authentication transaction,” it says. The fingers are, therefore,
to be labelled green, yellow or red, depending on their suitability for
single-finger authentication. In addition, some residents could be
determined to be “not suitable for reliable fingerprint authentication”.
Those younger than 15 and, more especially, persons above 60 years of age
had the highest rates of rejection. This is the shaky foundation on which
authentication rests.

The report does not tell us how “biometric exemptions”—that is, people who
do not have reliable fingerprints or irises that can be used in
enrolment—will be treated. Nor does it spell out an alternative to help
secure their identity. Nor, indeed, does it speak of spoofing.

On September 30, 2011, J.T. D’Souza, managing director of SPARC Systems
Limited, who works with biometrics equipment and has been following the UID
project closely and critically, demonstrated to officials in the Planning
Commission how, using some Fevicol and candle wax, he could spoof a
fingerprint and use it to authenticate someone else. Officials of the UIDAI
said they would look into it, but there is no information on what steps
they have taken. 4

What about authentication using iris as a biometric? The “Iris
Authentication Accuracy Report” was published in September 2012. It starts
with the assumption that “the iris does not get worn out with age, or with
use. In addition, iris authentication is not impacted by change in the
weather.” The report attributes these assumptions to “iris technology
literature”. The part of the claim that requires validation is that there
is a part of the human body that neither ages nor withers nor wears out.
The fact is that this is a new field of inquiry and there is very little
literature on the subject.

Perhaps, the first longitudinal study of the ageing iris as a biometric is
found in a Notre Dame University study conducted by two professors, Samuel
Fenker and Kevin Bowyer. They state: “Using a large data set of iris images
acquired over a three-year period, we have analysed cohorts of irises with
images acquired over one, two and three years. We find clear and conclusive
evidence that template ageing does occur in iris biometric matching.
Specifically, the experimental evidence indicates that the false non-match
rate increases with increasing time between acquisition of enrolment image
and the image to be recognised. In our results, the false non-match rate
increases by greater than 50 per cent with two years of time lapse.” The
remedy, they suggest, is to have regular “re-enrolment”. At the time of
writing, the implications of re-enrolment are not known.

In the process of the UID project roll-out, it has been reported from
Jharkhand that authentication failed in four out of every 10 persons. This
is the evidence emerging from the field.
*

Is UID voluntary?
*

While marketing the idea, the UID was projected as voluntary and was sold
as providing an identity to those who have no other. Since, unlike the
ration card or the voter ID, the UID does not have any intrinsic value or
purpose, there was little enthusiasm for enrolling for it. This led to a
change in tactics. Persons without UID are now facing the threat of denial
of services. The UIDAI has been involved in the process of making UID
mandatory. There is a push to make UID essential for getting rations,
accessing banking services and getting gas connections and refills; for
school admissions in the economically weaker section (EWS) category,
registration of marriages and property transactions; and for getting caste
certificates. And, if the Chief Secretary of Maharashtra were to have his
way, even making an application under the Right to Information (RTI) Act
would need the UID. This aggressive push seems to be based not on the
usefulness of the UID to the system, but rather to drive the enrolment
process.

The fact that the UID has such a low penetration even in the districts that
have been selected for the roll-out of UID-linked cash transfers (in lieu
of direct subsidies) must be understood in this context.

*Is there a law that governs the UID project?*

No. However, there is an executive order for the establishment of the UIDAI
within the Planning Commission. On December 3, 2010, over two months after
the project had begun to collect and process personal data, the National
Identification Authority of India Bill, 2010, was introduced in Parliament
and referred to the Standing Committee on Finance (SCF). The SCF gave its
report in December 2011. SCF members, cutting across party lines, found the
Bill severely inadequate and recommended that the UID project be taken back
to the drawing board.

The SCF found it “unethical and violative of Parliament’s privileges” to
proceed with the project when lawmaking was still under way. It commented
adversely on the conflation of the “resident” and the “citizen”. The UID
scheme, it said, had “been conceptualised with no clarity of purpose…
leaving many things to be sorted out during the course of its
implementation” and “is being implemented in a directionless way with a lot
of confusion”. The “collection of biometric information and its linkage
with personal information of individuals” without amending the Citizenship
Act and Rules “appears beyond the scope of subordinate legislation, which
needs to be examined in detail by Parliament”.

It was scathing about the project, which “continues to be implemented in an
overbearing manner without regard to legalities and other social
consequences”. On voluntariness, it said: “Although the scheme claims that
obtaining Aadhaar number is voluntary, an apprehension is found to have
developed in the minds of people that in future, services/benefits,
including food entitlements, would be denied in case they do not have
Aadhaar number.”

It cited the United Kingdom’s experience with the National ID project
regarding the huge cost; the complexity; the untested, unreliable and
unsafe technology; and the possibilities of risk to the safety and security
of citizens.

The SCF recognised that the UID project “facilitates the UIDAI and the
registrars to create database of information of people of the country.
Considering the huge database size and possibility of misuse of
information”, it said, “…and in the absence of data protection legislation,
it would be difficult to deal with the issues like access and misuse of
personal information, surveillance, profiling, linking and matching of
databases and securing confidentiality of information, etc”.

On September 28, 2010, seventeen eminent persons, including Justice V.R.
Krishna Iyer, Romila Thapar, Justice A.P. Shah, S.R. Sankaran, Aruna Roy,
K.G. Kannabiran and Bezwada Wilson, issued a statement in which they said
that before the UIDAI went any further, it was imperative to do a
feasibility study and a cost benefit analysis, engage experts to study its
constitutionality, put a law of privacy in place, and have an informed
public debate before any major changes are introduced. In the meantime,
they said, the project should be halted. The SCF echoed these concerns.

The SCF found the UID project to be “full of uncertainty in technology as
the complex scheme is built upon untested, unreliable technology and
several assumptions. Further, despite adverse observations by the UIDAI
Biometrics Standards Committee on error rates of biometrics, the UIDAI is
collecting the biometric information.”

Relying on registrars to ensure that only genuine residents are enrolled,
the SCF said, “may have far-reaching consequences for national security”.

There is still no law, and the UIDAI continues to function in a legal
vacuum.

*What is the link between the National Population Register (NPR) and the
UID?*

The NPR is under the Citizenship Act and is a prelude to creating a
National Citizen’s Register. The Registrar General of India is responsible
for carrying out this task. It is an attempt to establish who is a citizen
and who is not and to control infiltration and the entry of illegal
immigrants.

The 2003 Rules authorise the collection of only 15 fields of data, and
fingerprinting and scanning of irises are not among them. This means that
what has been done so far in the NPR process is in violation of the law.
The NPR has not itself studied biometrics but has merely gone along with
the UID.

The notification that set up the UIDAI within the Planning Commission gave
it the mandate to “generate and assign UID” to “residents”, to maintain the
database and to work on ways in which user/implementing agencies may use
the UID, for instance, for the delivery of various services. It was also to
“take necessary steps to ensure collation of NPR with UID (as per approved
strategy)”. The expansion of its mandate happened at a meeting of the
Cabinet Committee on the UID, which was constituted after Nandan Nilekani,
former chief executive officer of Infosys, was appointed the UIDAI
Chairperson. Nilekani was extended permission initially to enrol 10 crore
people, which was later increased to 20 crore. It was increased further to
50 per cent of the population after the Home Ministry in January 2012
agreed on an information-sharing agreement with the UIDAI.

The duplication in what the NPR and the UIDAI are doing is one of the
unresolved areas.
*

UID and outsourcing.
*

The UID project relies on a large number of enrollers who, in turn, are
dependent on “introducers” and “verifiers” to help enrol those without IDs.
And these have proved to be severely compromised. The issuance of a UID
number to “Kothimeer [coriander], s/o Palav, Gongura tota, Mamidikaya vuru
[raw mango village, in Telugu]” with the photograph of a mobile phone was
only an extreme manifestation of the deficiencies that have shown up. 5

One criticism has been that every time a problem crops up with the
technology, or despite it, it is sought to be overlaid with another layer
of technology, adding to the costs and introducing one more experiment to
the project. So, for instance, when fingerprints seemed an inadequate
metric, iris scan was added as an additional metric; a Global Positioning
System (GPS) was attached to enrolment equipment after an episode in
Hyderabad revealed large-scale enrolment of non-existent people. The
investigations in the case are still on.

S. GOPAKUMAR

*Scanning for Biometric Information for the Aadhaar project in progress at
the Christ Nagar Senior Secondary School in Thiruvallam, Kerala, on
February 16, 2012.*

The NPR uses the method followed by the Census, where the enumerators have
a responsibility to locate and reach persons to be enrolled.

The potential for exclusion is inherent in both processes.
*

Who holds the data collected?
*

The 2009 notification says that the UIDAI “shall own and operate UID
database”. The standing committee cited the National Information Centre’s
(NIC) concern that the “issues relating to privacy and security of UID data
could be better handled by storing [them] in a government data centre”,
indicating that it is not currently with the government but “owned” by the
UIDAI.

In its Strategic Overview document (2010), the UIDAI had set out a revenue
model by which it could become self-sufficient and begin to earn a
reasonable profit through selling its authentication services, after which
it would not be dependent on government resources. The report of the
Technology Advisory Group on Unique Projects (TAG-UP, July 2011), chaired
by Nilekani, promotes the idea of National Information Utilities (NIU).
These will be “private companies” acting in the “public interest” and will
be “profit-making” but not “profit maximising”. Data held by the government
is to be handed over to these private companies, which will then use them
for profit-making. The 2012-13 Budget adopted the NIU model of data
management in relation to the Goods and Services Tax (GST). The UIDAI, too,
seems to be moving in that direction, where it will acquire the character
of an NIU.

This is deeply disturbing, for it will mean that our data will become the
property of a company, which may then do data mining and use data as an
asset to make money.

*Why have there been concerns about the companies involved in the project?*

Since the early days of the project, alarm bells have been rung about the
involvement of companies such as L-1 Identity Solutions and Accenture.
These companies have a close relationship with the intelligence
establishment in the United States. L-1 Identity Solutions has been doing a
lot of work for the Central Intelligence Agency (CIA). It has even had
George Tenet, an ex-CIA chief, on its board. Accenture has been partnering
the Department of Homeland Security in the U.S. in its Smart Borders
Project. L-1 Identity Solutions has recently been bought by Safran, a
French company in which the French government is a large shareholder.

In reply to an RTI query about these companies, the UIDAI said: “There are
no means to verify whether the said companies/organisations are of U.S.
origin or not. As per our contractual terms and conditions, only the
companies/organisations who are registered can bid” (reproduced in an
appendix to Mathew Thomas (ed.), UID is not yours, 2012).

These leave unanswered disturbing questions about the security and
confidentiality of a population-wide database.

*Has any other country got a project such as this?*

No. In fact, the UIDAI prides itself that nowhere in the world is there
such a project, on such a scale and on the basis of a biometric database.
This, alongside the experimental stage in which biometric enrolment,
de-duplication and authentication are at this point, has given rise to
concerns that this is a massive experiment on the population of India.

None of the countries in the developed world has accepted biometric
identity even as developing countries are encouraged to adopt it.

The George W. Bush administration considered a biometric database when it
enacted the Real ID Act in 2005. But it realised the impracticalities of
the project, especially in depending upon biometric stability and accuracy
across the swathe of population, and across time, and so shelved it.

In Australia, an Access Card for health and welfare benefits was abandoned
in 2007, two years after it was started, after protests that raised
concerns about privacy, identity theft and disclosure of information.

In the U.K., when the David Cameron government jettisoned the biometric ID
project, the Home Secretary explained that this was done because the
government was the servant of the people and not their master, and that the
project would constitute “intrusive bullying”.
*

What are the costs of the project?
*

The direct costs are expected to reach Rs.15,000 crore in this phase of the
project. This does not include the cost to the enrollers, the registrars,
the time and resources spent by non-governmental organisations (NGOs),
administrators and the people enrolling, or the costs of authentication
equipment. There is also the cost that is generated in shifting to the UID
system, and the cost of failure, both to the individual and to the system.
The savings are hypothetical and so far unsubstantiated.

Vijay Unni, former Registrar General of India, has asked why, when the
complete Census exercise is carried out at a cost of about Rs.2,000 crore,
the UID project cost, at many times that amount, is being borne without
question.
*

Will the UID help in reducing leakage and reduce subsidies?
*

If de-duplication works, perhaps it will help eliminate duplicates and
ghost entries in various databases. If there is a linking of databases and
profiling of persons, those not entitled to subsidy may get identified.

But, as academics and activists advocating right to food have argued, given
the rates of hunger and child malnourishment in India the country needs to
worry about under-inclusion.

The only attempt at calculating the savings that the UID may effect can be
found in a document produced for the Planning Commission by the National
Institute of Public Finance and Policy (NIPFP). 6 The study, funded by the
UIDAI, relies on patchy data since “the present state of knowledge does not
permit precise quantification of the gains”. And “many of the gains from
Aadhaar are difficult to quantify as they are intangible”.

In effect, we do not know the effect UID will have on subsidies and
leakages.
*

What are the other anxieties that dog this project?
*

The convergence of databases and profiling of individuals is a serious
concern, and the “seeding” of the UID number in various databases
accentuates the problem.

A recent report says that Apollo Hospitals is spearheading an initiative to
link the health records of patients with the Aadhaar identification system,
raising questions about confidentiality of health data. Linking up the
Socio-Economic and Caste Census and the voter ID to the UID will breach the
protection that anonymity provides.

The rush into UID-linked cash transfer has given rise to the belief that
this is only to help the UID quicken its pace of enrolment which, the UID
website reveals, had slumped. And, the cost of failure has not even been
considered.

That the lawmakers of the country have found themselves in a haze of
incomprehension about a project that is being promoted as a “game changer”
is deeply unsettling.

*Usha Ramanathan works on the jurisprudence of law, poverty and rights.*

*END NOTES*

1
http://uidai.gov.in/UID_PDF/Archives/Tenders/Hiring_of_experienced_individual_Biometric_consultant_for_PoC_study.pdf<http://www.google.com/url?q=http%3A%2F%2Fuidai.gov.in%2FUID_PDF%2FArchives%2FTenders%2FHiring_of_experienced_individual_Biometric_consultant_for_PoC_study.pdf&sa=D&sntz=1&usg=AFQjCNGZ0VkvuN5ZvnuuIR48BZpfetqj_A>

2 
http://uidai.gov.in/images/FrontPageUpdates/uid_enrolment_poc_report.pdf<http://www.google.com/url?q=http%3A%2F%2Fuidai.gov.in%2Fimages%2FFrontPageUpdates%2Fuid_enrolment_poc_report.pdf&sa=D&sntz=1&usg=AFQjCNGta-Cu-Jujr5IZL0OXUJKYmi7DNg>

3
http://m.economictimes.com/tech/ites/missing-biometrics-create-unique-problems-for-uid-project/articleshow/msid-6178480,curpg-2.cms<http://www.google.com/url?q=http%3A%2F%2Fm.economictimes.com%2Ftech%2Fites%2Fmissing-biometrics-create-unique-problems-for-uid-project%2Farticleshow%2Fmsid-6178480%2Ccurpg-2.cms&sa=D&sntz=1&usg=AFQjCNFFpsdwxhu3-oBHmJFGK3JB4p-CCg>

4 D’Souza’s demonstration at the Press Club Mumbai can be viewed at:
https://www.youtube.com/watch?v=0a96L_SphR4

5 http://www.youtube.com/watch?v=ILauTJEDCb4

6 
http://planningcommission.nic.in/reports/genrep/rep_uid_cba_paper.pdf<http://www.google.com/url?q=http%3A%2F%2Fplanningcommission.nic.in%2Freports%2Fgenrep%2Frep_uid_cba_paper.pdf&sa=D&sntz=1&usg=AFQjCNG10JUp_C1Pp6L0RylN5UjZKLIMUg>

**



-- 
Peace Is Doable

-- 
You received this message because you are subscribed to the Google Groups 
"Green Youth Movement" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To post to this group, send an email to [email protected].
Visit this group at http://groups.google.com/group/greenyouth?hl=en-GB.
For more options, visit https://groups.google.com/groups/opt_out.


Reply via email to