Centre for Internet & Society

A summary of the "No UID" public meeting that took place on Aug. 25th at the Constitution Club, New Dehli.

The Meeting and Project

  On August 25, 2010 in Delhi, a public meeting was organized by civil society groups from Mumbai, Bangalore, and Delhi to discuss and answer questions surrounding the UID, and to present the concerns of the public to members of parliament. The meeting was successful, with many important concerns raised by both the speakers and the audience. An action plan was developed, and  MPs were able to come, listen, and share their opinions. 

The Project

The UID is a project that is supported by the government of India, and is led by Nandan Nilekani, the former CEO of Infosys.  The project is being presented as a cure to the PDS system, as a mechanism to bring benefits to the poor, and as a project that will make India an inclusive society by providing every citizen with a verifiable identity. The draft National Identification Authority of India Bill will be placed before the Lok Sabha in the current session. If the Bill is approved by parliament, the official implementation of the Bill will take place in Winter 2010 -2011. 

Technological Flaws

Speaking first, Jude D'Souza, a free software professional, presented the entire technical aspect of the UID scheme. He became involved with the UID project through his work on biometrics, and he expressed shock that the UID scheme would rely on a deeply flawed system such as biometrics.  Flaws in such a system include -- but are not limited to -- duplication, verification problems, and the lack of infrastructure needed to collect biometrics properly. Explaining in detail how fingerprint and iris scanners work, he showed how both are actually very simple technologies.  An iris scanner is  essentially a camera coupled with auto-focusing. The camera focuses on one’s eye, takes a snapshot, and then divides the eye into concentric segments, conducts a type of numbering scheme for each segment, and then generates a number that represents the pattern. A fingerprint scanner works in a similar manner. First a  picture is taken of your finger-print,  the system then generates an inverted image of the finger, with darker areas representing more reflected light and lighter areas representing less reflected light. The image is then compared against the stored fingerprint.  Both technologies  are easily spoofed. Iris scanners cannot detect contact lenses, and a scientist in Japan found that fingerprint scanners can be “tricked” easily with materials costing under 10 dollars. D'Souza explained how all identification systems go through an enrollment and authentication process which includes: the capturing of the image, the processing of the image, extraction of features, the creation of a template, encryption, duplication and storage of the information. If a step in either the enrollment or authentication process goes wrong, the whole process is brought  back to square one – manual recording  of information. For instance, if a fingerprint is swiped, and the machine cannot read it because it has changed with age, or the machine is malfunctioning, or the fingerprint is logged with water (something that is not uncommon in India) – the person would either have to re-enroll, and then re-verify who they are manually. If this scenario applies to, say, someone coming into a hospital, the consequences of his/her fingerprints not being read are grave.

Another concern is the compromising of the system. Bogus templates can easily be created and switched with the real template, key duplication is possible, or the system could be hacked and a virus introduced. In general, it is dangerous when any database containing personal information is compromised; a database that contains biometrics is twice as dangerous. D'Souza closed his presentation by making the point that biometrics cannot be withdrawn – if your password (biometrics) is compromised, you are still stuck with it for life. Once you leave your  footprint through biometrics, it is irrevocable.

Civil Rights

The second speaker of the day was Usha Ramanathan, an internationally recognized expert on law and poverty, who spoke on human rights and the UID. From the beginning of her presentation she challenged the audience to think deeply about the question “Why would the government want to put this project in place?” She brought to the table many points about how the project violates human rights, including the fact that no type of feasibility study has been done on the technology or the financial cost of the project; a white paper was never issued at the genesis of the project; and Nandan Nilekani and other members of the authority refused directly to answer the concerns brought forth to them when they were approached.  To her, the corporatization of the project is also very clear. From the marketing of the scheme, to the implementation of the scheme, to the fact that the convergence of databases will allow business and corporate powers to network using individual’s data that they obtain from the database – the issuance of a Unique Identification Number provides opportunities for huge profits to be made by corporations and the government. What makes the consequences of a UID number even more powerful is the fact that even though the Authority says that the number is voluntary, businesses, shop owners, banks and hospitals have the ability to deny access if one does not have  number.  In this way, the number is at least de-facto compulsory. This number also threatens violations to an individual’s privacy.

Benefits to the Poor

When analyzing the benefits to the poor that the number promises, the picture begins to look less and less beneficial. The Authority has been stressing the benefit of the portability of a Unique Identification Number. The positive aspects of having a portable ID stem from the idea that a person living in one village could be traveling and would still be able to collect his or her rations from the Free Trade Shop in the location he or she is visiting. No longer would people have to return home to collect their rations.  Though this seems to be a useful benefit indeed, problems begin to arise if the Free Trade Shop in that village does not have enough grain in stock to provide for the unexpected visitor or if the biometric data malfunction.  Other complications that the poor might have with a unique ID number is that to enroll you must know your address and name, and be able to spell them correctly. When looking at if the UID will plug the leakages of the PDS system, it will perhaps make the delivery of grain more efficient – theoretically it could stop the use of fake ration cards etc, but it does not stop the waste of grain, and at the end of the day – it still only a number, it does not regulate the person authenticating the individual and distributing the grain. Other difficulties the rural populations face are power outages: what if the power goes out – no one can be authenticated, what if the notice that benefits are available are electronically transmitted and do not arrive? What if data are lost during power outages?

Response of the Audience 

After lunch the floor was opened up to discussion about steps that need to be taken in the future. It  was determined that  academics need to be  consulted, the NO UID campaign needs to be presented in a language that everyone can understand and relate to,  more political leaders need to be contacted, volunteers from Universities need to be recruited, petitions need to be written, and emails and contact information shared for open communication amongst each other. Another response from the audience was that privacy is an issue for the elite – the poor are concerned with surviving day to day. What is interesting, though, is how untrue that is. The issuance of a UID number brings privacy of the poor into the limelight. Privacy is a question of a person’s ability to control individual information, to know how it is being used, and by whom. A Unique Identification Number given to the poor suddenly places all of his or her personal data on the grid. It places it into networks, business databases, and governmental data banks. The current lack of data protection and lack of control an individual has over these data under the scheme creates a privacy crisis for anyone who has a number.  And, given the ability to deny services to someone who does not have a number, it creates a crisis for those who opt out as well.

The Opinion of the MPs

Many of the MPs were unable to come, but the two who did were in opposition to the UID. MP Syed Azeez Pasha (CPI)  commented on the need for a campaign to have started earlier, while Senior Member of Parliament from the Revolutionary Socialist Party of India (RSP) Abani Roy called for the launching of a massive campaign to resist this expensive and dangerous project through which several companies will gain massive contracts from the public exchequer.

Conclusion

As the UID project continues to unroll, it seems that  that Nandan Nilekani has imagined a new India – one that looks to technology as its solution to its political and social problems. If this is the case, a UID number that will work to shift the entire population onto a digital database could just be the beginning of many  other changes to come. Indian citizens should carefully consider if this is the India that they have imagined.

 Resources from the Meeting

D'Souza powerpoint presentation

UID Booklet

UID Appeal to MPs

UID in Hindi

The views and opinions expressed on this page are those of their individual authors. Unless the opposite is explicitly stated, or unless the opposite may be reasonably inferred, CIS does not subscribe to these views and opinions which belong to their individual authors. CIS does not accept any responsibility, legal or otherwise, for the views and opinions of these individual authors. For an official statement from CIS on a particular issue, please contact us directly.