Centre for Internet & Society

Having a standard for decentralized ID verification rather than a centralized database that would more often than not be misused by various authorities will solve ID problems, writes Liliyan in this blog entry. These blog posts to be published in a series will voice the expert opinions of researchers and critics on the UID project and present its unique shortcomings to the reader.

Researchers at CIS have been grappling with the UID project from research, advocacy, and legal standpoints though all approach it from their own perspective and opinions are rarely duplicated. In an attempt to make their expert opinions more accessible to readers, a series of blog posts, this being the first, will be put up. These posts will not, and cannot because of its length and format, try to address all the possible issues the UID poses. However, they will present the bare bones of the arguments and research questions that the independent voices at CIS see as crucial. These posts will also ask many more questions than they answer, in an attempt to spur further dialogue about the UID project.

Central to understanding the nature of the UID project and its possible ramifications is the idea that technology is not merely a tool to be used by an unchanging, monolithic state. In fact, its very adoption can create ripple effects throughout the apparatus of the state. When the state adoptsa mainstream and ubiquitous technology, the structure of the government and methods of governance change. These changes are not always so dramatic as to be immediately noticeable without some informed inspection, but if one considers the way the state and the citizen interact the significance of these changes becomes starkly apparent. Can we trust the government to use touch screen voting machines like the ones we see every day at the bank? Do government surveillance cameras make us safer or introduce worrisome intrusion into our privacy, or both? Technology is not as neutral as it appears. That is not to say that it is inherently good or bad, but that it is not inert, it is transformative in nature.

The nation state as we know it is built on the printed word, or at least analogue technology. The ways in which we codify, distribute, and assimilate information have, for centuries, been dominated by the printing press. With the introduction of “database governance” there will inevitably be a shift, and a radical one at that. The Indian government has announced its intention to move towards “SMART” (simple, moral, accountable, responsive and transparent) governance, and this implies both an acceptance of the neo-liberal philosophy of government and techno-governance. To achieve a new level of transparency, accountability, and responsiveness, the move towards e-governance could be a major turning point, but how does this shift complicate and change the citizen-state relationship in India? How does this change shift the relationship of India with the rest of the international community?

The UID and Shifts in the Citizen-State Relationship

One way that the citizen-state relationship will change with the shift towards techno-governance, specifically in regard to the UID project, is that the UID posits the state as both the safe-keeper and arbiter of identity. Proponents of the UID project are adamant that it is a voluntary program, but even the UID website states that “in time, certain service providers may require a person to have a UID to deliver services”. As the UID becomes increasingly ubiquitous, could not having a number mean being cut off from some or many of the basic privileges of citizenship if one's identity is becoming more difficult to verify? If having a UID number is the most prominent marker of identity, then it is through state definition, arbitration and upon the state's technical capacity that all will rely.

Moreover, how do we begin to address the privacy issues raised by technological advances in relation to non-changing legal structures? What does it mean to capture all this identity data without introducing a new privacy legislation to protect the citizen? Without new legal accommodation, otherwise benign processes like a statistical census can become a potent tool in a shift towards a police state. As state apparatus's shift, there must be some paradigmatic shift in law to accompany these new technologies and government roles.

If the state transforms through the integration of e-governance forms, then there will inevitably be a recalibration of the relationship between the state, the market, and the citizen. Traditionally the separation of these entities creates arbitration and within a development paradigm there is dynamic, active triangulation. One way we can see this triangulation is through government intervention in markets on behalf of the citizen. There are certain spaces of consumption, for example, such as a cinema where state intervention against discrimination creates a marker for citizenship. That is, because I am able to access a cinema without discrimination, as one of my constitutional rights, this demonstrates my citizenship. However, with the introduction of public- private partnerships, or PPPs, the fact of having multiple stake-holders of political economy allows for the state to disinvest in the production and delivery of certain public services.  Satisfying the needs of the citizen for services like sanitation, public education, delivery of power and clean water, maintenance of infrastructure like roads and bridges, can be handed over to corporate entities. The Indian government has enthusiastically embraced PPPs as a way to bring needed capital to the infrastructure demands that accompany their economic growth goals. However, how does this kind of task delegation affect transparency and accountability? If the state decides to stop producing or supplying a good or service, and instead turns this over to a corporation, can the mechanisms for state oversight realistically be trusted to make sure quality and accountability are not adversely affected and rectify the situation if they are? Where does the citizen come into all of this, in terms of what they stand to gain and lose? 

The Definition of Citizenship and the UID

As the state and the market enters into new relationships the definition of citizenship changes.  If the citizen is seen as the intended beneficiary of state programs, this new relationship between state and market begs the question “Who is subject to (or the subject of) the state?” When the corporate sphere creates micro-financing that helps farmers, they may help the people at the bottom of the economic pyramid manage their debt, but does it necessarily address the problems that created the debt in the first place? How does the market mediate the citizen-state dialogue? As the state and the market enter into new relationships there is a recalibration of the citizen-government relationship. Do market demands for an e-literate consumer put pressure on the state to create one where one did not exist before, and if so, can this not have profound implications for the definition of citizenship?

Part of the movement towards e-governance is signalled by the fact that there has been a shift away from state-sponsored literacy campaigns to e-literacy programs. Does this use of information and communications technology for development (or ITC4D) alienate significant portions of the population? Can such programs in fact widen the digital divide? With the introduction of e-governance the state asks the citizen to participate in governance by creating new avenues for civic participation, such as providing databases of information pertaining to the state that is freely accessible for analysis and manipulation by anyone with the skills to do so. But, if this makes it impossible for some portions of the citizenry to communicate effectively with the state, does this run the risk of making certain, traditional forms of citizenship redundant? How are people with low literacy and little or no access to the necessary technologies supposed to communicate with this new high-tech bureaucracy? Will those who cannot navigate the new systems be inadvertently relegated to second-class status?

This is of particular concern when thinking about the UID project. To properly manage and distribute social services, ID management in some form is crucial. However, when trying to make sure services are properly delivered to the uneducated poor the danger for digital-analogue slippage that is not in their favour increases, and accountability is not necessarily adequately addressed. For example, if I am an illiterate farmer entitled to a certain ration and the person conducting the transaction decides to defraud me, they can easily ask me to authenticate my biometrics, make it appear that they have been simply checking my identity when they have actually fooled me into authenticating the “completed” transaction and simply tell me the computer says, I've already received my share, that I'm only entitled to half of the normal amount, or some other such lie. In this scenario, how would I know this person wasn't telling me the truth? If they lie using a simple ledger, I can take the ledger itself or a copy of it to a literate friend and have them help me navigate the situation. I can seek redress and substantiate my claims more easily if I am not alienated by the technologies being used. Technologies can be empowering or dis-empowering depending on their application. How then, do we balance the demands of the market and the duties of the state against the rights of the citizen? Or rather, how do we apply technology in such a way that the demands of the market and the duties of the state mutually balance each other? 

Centralization and Cost-effectiveness of the UID 

While ID management is indisputably important, it does not require a centralized database. In the US there are multiple pieces of information, stored in separate databases that can be used to authenticate a transaction. No one can open a bank account with just a social security insurance number. You also need a separate form of ID, often two, that can be used to verify identity. In this way, the SSI number is a bit like a “username” and the other forms of ID, driver's license or passport, function like a corresponding “password”. With the UID project, however, the “username” (the number itself) and the “password” (the number holder's biometrics) are stored in the same place. Thereby, should the database be in some way compromised, all the information needed to verify and complete transactions would be available. If storing this information in a central database is really a good idea, then one must also accept the premise that merging all existing email servers into one monolithic server is also a good idea. Furthermore, centralization is not only more dangerous, it is totally unnecessary. Trillions of dollars worth of trade take place every year using PIN numbers issued by banks and verified without the verifying data being centralized. Having a standard for decentralized ID verification, rather than a centralized database would solve ID problems without creating a database that would be vulnerable to attack. 

There are lots of examples of governments implementing costly safety measures that don't actually make anyone safer. Take for example the cameras put up all over London to monitor the movements of people. Unfortunately, something as low-tech as a hooded sweatshirt can thwart these attempts at surveillance. Moreover, if I am a criminal, I am going to make it a priority to know where the cameras are so that I can strategically avoid them. Another example is the millions of dollar the U.S. government spent on putting an armed Federal Air Marshal on every flight, post 9/11. While traditional intelligence gather has thwarted other attempted attacks since 9/11, Air Marshals have not been responsible for stopping any. Simply because the UID project is more technologically advanced does not make it more effective. It seems to greatly increase the risk of fraud that there can be so many separate biometrics machines scattered in different places to verify so many transactions. Having the machines sequestered in private businesses where they will not be constantly monitored or regulated seems to be both costly and easily subject to tampering. It seems to make more sense to have, say, one central, monitored machine per so many people that could be used to settle identity disputes when they arise rather than making the technology a part of every transaction.

Infallibility and Circumvention of the UID

The UID is not infallible and circumvention will certainly be a problem with the project. We find an analogy in the field of digital rights management. If I copy an mp3 without permission or payment, that is illegal. Digital rights management law was introduced to stop this practice, but it was circumvented. This legislation has not stopped the first crime. It has merely created a second, that of circumventing the law.  The UID, in so far as it may be used to try to stop the crime of illegally siphoning resources such as, for example, grain intended to go to the poor, cannot stop people from circumventing the system. Circumventing the UID will be a crime. If doing so were truly impossible there would be no need to criminalize it. So, instead of preventing the initial crime of siphoning may not prevent the first crime, while introducing another.  

There are basically two possible types of circumvention that are possible, though they might present themselves in various different forms. “Type A” or “the Mission Impossible” kind of fraud  might involve fake thumb prints and contact lenses being worn by someone trying to fool the person conducting the biometric authentication. “Type B” occurs when the person operating the biometrics machine is working to defraud the system, most likely with one or many accomplices.

“Type A” involves one dishonest person, who is trying to access someone else's account or a ghost account, and there are various proposed methods to prevent against this type of fraud. To prevent against people using fake thumb prints, the biometrics machines will measure the heat of the thumb as well as the image of the thumb. With the iris scan, there will be a pulse of light to cause contraction in the iris so that a contact lens, which cannot adjust for light, can be detected. All of this will drastically raise the price of the machines in question. It is hard to imagine farmers and labourers defrauding the system with elaborate biometric defrauding devices, so these expensive machines are much more appropriate for monitoring the top of the economic pyramid, who steal in larger sums and have more sophisticated technology at their disposal.

“Type B” involves dishonesty either by the person in control of the biometric authentication, or both that person and others. This seems to be a much more likely and problematic scenario. Right now, bank accounts that are not connected to a name are regularly created so that people can cheat the tax man. Since the bank profits from these accounts, it's in the bank's interest to help people set up such accounts. Ghost ID numbers, and things like bank accounts that are connected to them, can still be produced with biometrics. How is this possible? Well, to make it possible for so many biometric authentications to happen every day, the whole set of ten finger prints won't be sent. That would be way too much data. So, instead of overwhelming the channels, only one thumb print will be sent. Even that many thumb prints would be an information overload, so each thumb print's image will be reduced to a set of 30 data points that will be compared against the original scans. So, where is there a possibility for fraud? When the scan of the finger is taken, and image is rendered. If someone wants to create a ghost ID they only have to manipulate this image, like with a Photoshop filter, and alter the data points. Once I've created a set of biometric markers that doesn't connect to anyone, I can conduct transactions for a ghost. One can easily imagine a market emerging for ghost IDs. People might start trying to pay foreign tourists for their biometric information, which could be sold to a local office. There are certain settings where biometrics works well, for example, at an airport. There, everything is under constant video surveillance. If someone were to tamper with or try to replace the machinery it would be quickly noticed by the cameras. Even if it weren't, different people would routinely be operating the same machine and this would be an added safe guard against fraud. However, at a bank, or any place where the machines used for verification are operated behind closed doors it is quite likely that the technology will be abused.  This abuse could easily go unnoticed, because the draft UID bill has proposed strict accountability measures for the Authority, and has conveniently overlooked extending these to collecting and enrolling agencies.

Digital/Analogue Slippage

There is always the possibility of digital/analogue slippage or, more simply put, the computer records not reflecting what actually happened even if no fake identity was used. This happens all the time in IT buildings in the form of tailgating. Four people go out to lunch together and as they re-enter the building they're supposed to each swipe their ID card individually. It is easier and faster for one person to swipe for everyone so, despite signs discouraging this behaviour, this is a common occurrence. If you were to try to analyse the data collected after a day of such comings and goings it would be indecipherable. 

I can also authenticate my biometrics, in order to authorize a transaction, without the transaction actually being complete. Let's say I'm a poor farmer entitled to a ration of 10 kilos of grain. The person who is supposed to give me the grain is not an honest person and insists that I authenticate the transaction before he or she gives me my ration. I do what I'm told but only receive 5 kilos. The computer record shows that I have gotten my full ration, so I have no grounds to contest. In this scenario, more complex technology does not necessarily mean greater accountability. Furthermore, even if I am illiterate, if there is a simple ledger that has recorded the transaction, I can physically take the ledger or a copy of it and show it to some literate person willing to help me. If the only record of the transaction is in a database that I can't access or can't understand it will be even more difficult for me to seek help. Moreover, if I don't understand the technology and the shop owner decides not to give me the grain at all they can simply say “Oh, I'm sorry, your account has been denied” or “The computer says you've already been given your ration” and I have little chance of successfully negotiating that situation. Built in to this example is the disadvantage that the illiterate and the computer illiterate face when dealing with this technology but, this is not necessarily always present in cases where digital/analogue slippage causes confusion or complication.

Commonly, things are bought by or registered to one person and used by another. For example, in a small office building, all the phone lines and computers may have been bought in the name of one person. Each office worker will not buy their own computer or equipment, but instead the computers will be bought in the name of the person who runs the organization or an administrator with financial authority. If someone in the office uses their computer to make a bomb or store child pornography, who is accountable? This is the problem when there is digital/analogue slippage.  There is the digital record of events and then things as they really are, which are not always identical, and there is no accountability or safeguard against mistake. In the context of the UID, the possibility of such slippage is too high, and will work against the goal of delivering benefits to the poor instead of facilitating it.

Filed under: