Monday 28 June 2010

UID: Thoughts from an Erstwhile Skeptic

Avani Kapur

Last month I attended a Consultation Workshop on the Unique Identification Authority of India (UIDAI), now called AADHAR. With the first UID numbers being issued between August 2010 and February 2011, this was a part of UIDAI’s campaign to hold a wide range of consultations with Civil Society Organizations in various parts of the country.

For those of us, who are curious about the UID, and recognize the potential benefits it can have (can being the operative word here) but yet have our reservations, the workshop was definitely enlightening. One of the main things that came out from the consultation was the amount of confusion that still exists about what exactly the UID can and cannot do and how much of an invasion of privacy it actually is.

I thought it would thus be useful to lay out some facts regarding the UID.

Fact 1: The UID itself will collect only standard attributes such as name, date of birth, gender, father/mother/spouse/guardians name, address and a photograph. The only unique information is the biometrics (10 fingerprints and both iris scans).

Fact 2 : The UID will be given to all residents who are in India and avail services and not just citizens.

Fact 3: The information in the database will be used only for authentication purposes and will not be shared or transmitted. Anyone seeking to authenticate the identity of another person using the UID database – will only get a response in YES or NO.

Fact 4: The UIDAI is working on a partnership model with a variety of agencies and service providers ( both government and private sector) to enroll residents for UID Numbers and verify their identity. For e.g. Insurance companies, LPG marketing companies, RSBY, MG-NREGA etc. The UIDAI will also engage with Outreach Groups (essentially CSOs) to target, the homeless, urban poor, tribals, differently-abled population of the country etc.

Fact 5: The UID database will be guarded both physically and electronically by a few select individuals with high clearance. It will not be available even for many members of the UID staff and will be secured through encryption, and in a highly secure data vault.

Sounds good so far? The obvious question then is that if these ideas are indeed so good then why are people so skeptical and in some cases even taking an extreme position of completely rejecting the UIDAI. I think the answer is nuanced and symptomatic to deeper issues.

Broadly there are 4 main concerns regarding the UID, namely, concerns over exclusion, individual privacy, and misuse of data and finally whether the benefits outweigh the costs. Let’s deal with them one by one.

Exclusion
While the UID team keeps stressing that the UID is voluntary but the fact of the matter is, for all practical purposes, in time, it will become mandatory as service providers may require a person to have a UID to access services. The concern then is, what will happen to those who are unable or purposely unallowed to get the UID.

The case of exclusion is definitely a concern – but not limited to the UID alone. Instead, the UID for its part has tried to mitigate against this by having an introducer system and getting ngos to assist in the enrolment process. Now it is the job of all the enrolling agencies to make sure that everyone has access to it and for us, civil society to assist in the process.

Individual Privacy and Misuse of Data
The UID itself only collects standard attributes, but since the enrolling system is through partnership with existing agencies such as LIC, banks, PDS shops, nrega job cards etc - the full board of the UIDAI may have additional data fields related to identity. The fear being , this kind of information could compromise privacy of the people, and leave it open for misuse—racial profiling being an obvious threat.

This is a legitimate fear, but blaming the UID itself for this, is not.

On the one hand, the question of privacy in itself is a very “urban” concept. No one really talks about the fact that for NREGA, muster rolls, job cards and daily wages are a matter of public knowledge and are instead considered important components for accountability and transparency. Moreover, anyone not privileged enough to have a permanent address or identity proof will ascertain to the fact that finally having some sort of “identity” would alleviate the challenges of something as basic as getting children into school, getting a telephone connection or even a death certificate.

Second, a host of our personal information is already publically available and there are no guarantees that they are not prone to misuse. The Election Commission and Census already collect a lot of our personal information; the railways make the names and ages of passengers public each time we travel , not to mention online social interaction sites such as Facebook , Orkut and Twitter, which are often prone to hacking.



So even without the UID, what is urgently needed is a law protecting our privacy. Last week, the UPA government appointed a panel to create a blueprint for a new law guaranteeing a citizen’s right to privacy. Once in place, the law is meant to recognize the right to privacy of an individual as a fundamental right and have in place provisions against wrongful collection of and misuse of data. While it remains to be seen what shape the law will take, it has to be said, in a way the UID has finally made us think about this important issue.

Lastly, Expenditure
With crores of rupees being put into the operationalisation of UID – is it really worth it?

Lets be clear, the UID itself will not solve all of the world’s problems. However, what it does have the potential to do is to centralize and clean up the government databases – a huge step in itself. Anyone who has gone through government databases knows that often, it can be like looking for a needle in a haystack (for more details please see here)

And having authentic, clean, reliable data can be an important step in better delivering our services. Take for example the PDS. While the UID may not be able to solve the problem of people not being included in the BPL list and hence being excluded from the PDS system, it should be able to solve problems related to leakages (see post below) and the presence of a large number of fake ration cards – all of which are literally money down the drain.

Finally, let’s remember, like with most things, the UID model is only as good as its application!

Avani Kapur is Researcher and Coordinator, PAISA Project at the Accountability Initiative

6 comments:

  1. At the risk of sounding ignorant (and perhaps a little skeptical still), how does the UID work for students away from the country, who continue to live in a form of limbo. I haven't lost my citizenship here nor gained one else where and continue to hope for a possible return. Then, how do I acquire one of these, and how smooth is the process of getting 'in'?

    ReplyDelete
  2. Thanks for your question.

    The UID enrolment process will be an ongoing one and students who are away from the country , but return for visits can always apply for it through the enrolling agencies such as Banks etc. The UIDAI team is currently also looking into other means of enrolment including making forms available online.

    Since the UID is only a source of ID, even foreigners (non-indian citizens) visiting India for a few months and wishing to use services such as getting a mobile connection, can apply for a UID.

    Hope this answers some of your queries. For more details, please visit the UIDAI website -http://uidai.gov.in/

    ReplyDelete
  3. A well written and informative post, clarifying much of the confusion around the UID and the concerns that remain. It remains to be seen whether the proposed privacy legislation will be comprehensive or render mere lip-service.

    ReplyDelete
  4. Nice blog. There is another angle you might be interested in learning. FI/ EBT was meant to be a bank lead model but in their proposed architecture, banks could potentially loose control over their right to authenticate the beneficiary as per their own processes and must go to UIDAI for it.

    Its like UIDAI is telling the banks: "Thou shall renounce your customer's signatures/ PINs to me and come to me for their authentication each time and pay me for it!!" Now, how cool is that for sustainable revenue model?

    ReplyDelete
  5. If all this is so good...

    Why did people of UK revolt against and finally did not allow a similar UID project to happen in UK?

    The answer is simple: Such measures will result in a Police State being created, and infinite scope of misuse.

    ReplyDelete
  6. Hi Prashant,

    Thanks for your comment. I agree with you that there are definite security issues with UID, but on a positive note, the government is finally at least "trying" to resolve some of them.

    Also, like I mentioned, the UID model is only as good as its application !

    Lastly, our blog has moved. Please do look at http://www.accountabilityindia.in/blog for future blogs.

    Thank you again for your comments.

    Regards,

    ReplyDelete