Vyuha | An Evaluation of the Parliamentary Report on the UID

Recently, a parliamentary committee has castigated the program as being poorly designed and ill planned, and with a very high error rate and as being completely impractical. As explained in this post, the UID is in fact quite robust and is guaranteed to provide true positives and true negatives all the time in practice. Even if the technology fails, the UIDAI has drafted processes to ensure that a citizen is not left in the lurch and locked out of the system. A thorough look at the issues shows that the parliamentary committee’s technical objections about the UID as being unreliable borders on the frivolous.

Criticism 1: The issue of Aadhaar numbers “is riddled with serious lacunae,” and this problem can be traced to conceptualisation “with no clarity of purpose” and implementation in “a directionless way with a lot of confusion.

As explained here, the entire process, right from registration down to ensuring that the UID numbers in the database are uniquely assigned to biometrics, and the robust process for de-duplication to prevent abuse of the UID system indicates that the UIDAI has thought through the various issues and has been transparent in the way it collects all the data and the way in which the system is implemented. The above criticism by the parliamentary committee almost sounds frivolous, as if the committee has not bothered to do its homework correctly.

Criticism 2: The Ministry of Home raised “serious security concerns” over the introducer model used to enrol persons without any proof of residence.

The main problem with this criticism is its presumption that a poor person who has no authenticating documents would have a “proof of residence”. The whole point of the UID is to tag that human being with a unique UID number. What does the Home Ministry plan to do with this person, if they only want people with “proof of residence” to register for the UID? Furthermore, as the UIDAI website explains, many of the poor do not have a proof of residence, and the UID is their ticket to be authenticated, for example when they go to open a bank account or perform any economic activity that requires an additional and 100% reliable means of matching a UID number to a set of biometric information. Banks will use UID as a auxiliary authentication mechanism along with photo ID etc. The natural-born biometrics of these paperless poor is all they need to possess in order to become a part of the system for the rest of their lives.

Criticism 3: The report concludes that the enrolment process “compromises the security and confidentiality of information of Aadhaar number holders,

As the UIDAI website states clearly, the privacy of the people enrolled are protected because none of the data is every leaked via the API provided to vendors using the UIDAI’s biometric authentication services. Secondly, the Aadhaar number need not be protected. Knowing the number alone is not enough to steal the identity of another person or leak any of their information. Why? Because one would have to mimic the biometric information of another person in order to use their UID number. This is why the UID is a robust scheme for authenticating a person, by mapping them to a UID number. In fact, this scheme protects the privacy of the citizen by allowing vendors who want to use the UIDAI’s services. How? When organizations such as banks, security services need an auxillary foolproof means of authenticating the identity of a person, they can do so by linking their software to the UID databases. Their software will contact the UID server to get a “yes”/”no” answer to the question: “Does this UID number match the biometric information presented with it?”, and use this as an auxillary means of authenticating the identity of a person in their premises. The UID will be used along with photo IDs and other means of identification, all of which together will establish the identity of the individual beyond a doubt.

Criticism 4: the UID has far reaching consequences for national security [because of the possibility] of possession of Aadhaar numbers by illegal residents through false affidavits/introducer system.

As the UID website says, all that the UID is doing is assigning a unique UID number to each Indian, based on the fact that every Indian has unique biometric signature.

Criticism 5: the SCoF comes down heavily on the government for proceeding with the project without “enactment of a national data protection law,” which is a “pre-requisite for any law that deals with large-scale collection of information from individuals and its linkages across separate databases.

Again, the UID is designed to only assign a unique number to every Indian. All the separate databases can keep their own data. They have the option of using the UIDAI’s services as an auxiliary means of authenticating if they so require. The UID is not a means to determine the citizenship status of a person or their residency status in the country, it is only a means to identify a human being accurately via a single, unique 12-digit number.

Criticism 6: the report strongly disapproves of “the hasty manner” in which the project was cleared. It concludes that a “comprehensive feasibility study…ought to have been done before approving such an expensive scheme.

This just seems like a vague excuse to delay the implementation of anything at all. The fact of the matter is that biometrics is a proven technology that solves a very difficult problem for India: including more and more poor and economically backward Indians into the Indian economy. It can all start only when the nameless faceless poor acquire an identity bound to a unique 12-digit UID number and their own biological uniqueness. Furthermore, if the citizen can no longer use a UID number, or if the citizen’s biometric information has changed, all that needs to be done is assign a new unique UID number to the citizen and invalidate the old UID number.

Criticism 7:This conclusion follows the government’s admission to the SCoF that “no committee has been constituted to study the financial implications of the UID scheme,” and that “comparative costs of the Aadhaar number and various existing ID documents are also not available.

Unless the comparative ID schemes can provide the 100% true positive and true negative reliability that the UID provides, this is a vacuous criticism. The committee needs to spell out what other schemes they have in mind and demonstrate those schemes also have an equal degree of reliability.

Criticism 8: The total cost of the Aadhaar project would run into multiples of ten thousand crore of rupees. For just Phase 1 and 2, where 10 crore residents were to be enrolled, the allocation was Rs. 3,170 crore. For Phase 3, where another 10 crore residents are to be enrolled, the allocation is Rs. 8,861 crore. In a rough extrapolation, for 120 crore residents the total cost would then be over Rs. 72,000 crore. Is the Comptroller and Auditor General listening?

The MGNREGA scheme is a pure expense scheme that has zero return on investment and costs the government lakhs of crores of Rupees. The UIDAI is eventually planned to be self-supporting once banks and other organization but the UIDAI’s services as an additional means of authenticating the identity of the customers of such organization. The benefits provided to the nation by the UID in terms of cutting down on fraud and providing the poor a means to open a bank account and to otherwise participate in the economy. Surely those kinds of benefits are well worth the initial costs, costs that will be recovered in the long-term, once more and more organizations buy and use the services of the UIDAI. Surely, the parliamentary committee does not think that government organizations that can support themselves is bad for governance, or does it?

Criticism 9: the report tears apart the faith placed on biometrics to prove the unique identity of individuals. It notes that “the scheme is full of uncertainty in technology” and is built upon “untested, unreliable technology.

Given that biometrics is not only proven technology, but that it is trusted by law enforcement officials, the above objection by the committee is just plain wrong. Justice systems worldwide consider fingerprints and DNA matching admissible evidence in court to support claims of presence of an individual at the crime scene, based on fingerprint (or DNA) matches with a high degree of certainty. The parliamentary committee is entitled to its own opinion, but it is not entitled to its own facts.

Criticism 10: It criticises the UIDAI for disregarding (a) the warnings of its Biometrics Standards Committee about high error rates in fingerprint collection; (b) the inability of Proof of Concept studies to promise low error rates when 1.2 billion persons are enrolled

A simple calculation such as the one shows that the error rates for the UID, in terms of maintaining the uniqueness of biometrics in the UID database, is around 10^-30. This is an extremely low error rate, and can be considered close to Zero for all practical purposes.

Criticism 11: (c) the reservations within the government on “the necessity of collection of IRIS image.” The report concludes that, given the limitations of biometrics, “it is unlikely that the proposed objectives of the UID scheme could be achieved

The Committee cannot just make vague statements about “the limitations of biometrics” and pretend that is a valid argument against the UID. Can Mr. Yashwant Sinha and the rest of the parliamentary committee spell out to the public what these limitations of the biometrics are and how they result in a high error rate? Surely, if Mr. Yashwant Sinha and his committee want to cancel the UID based on such technical objections, they need backup their objections with facts.

Existing facts say that all the technical objections by the Parlimentary committee are poorly thought out and demonstrate a lack of understanding of the scope and the usefulness of the UID project in streamlining processes of governmental and private organizations in India.

Surely, a nation that often complains about rampant, runaway corruption in the system should welcome such a means for cutting down on waste and fraud, should it not?

Related Posts

  1. Takshashila responds to GoI’s discussion draft on National Cyber Security Policy

DISCLAIMER: This is an archived post from the Indian National Interest blogroll. Views expressed are those of the blogger's and do not represent The Takshashila Institution’s view.