An eye on identity
The Unique Identification project is on course. But it is time to review the robustness of its technology and scalability, writes Subimal Bhattacharjee.india Updated: Nov 02, 2011 22:05 IST
The Unique Identification Authority of India (UIDAI) completed a year of the launch of the Unique Identification number (UID), Aadhaar, on September 29. The Authority has already enrolled 100 million individuals and generated more than 37.5 million UID numbers. It has also achieved the fantastic feat of enrolling 1 million residents in one day and is progressing well towards reaching its mandate of generating 600 million numbers by 2014. As of now, it has achieved the capability of enrolling 400 million persons per year.
Despite such good progress, there have been questions on cost escalation, the Authority’s scope of work and the wisdom of running such a massive programme. The Union finance and home ministries as well as the Planning Commission (to which the Authority is attached) have also expressed their concerns on the way the project is moving forward. With the National Population Registry (NPR) being created as part of the Census 2011 operations and its enrolment process almost similar to the UIDAI, there have been questions on the duplication of work (enrolment) and the costs involved. After these concerns were raised, the Authority came out to explain the uniqueness of the UID project and the fact that the Indian government has already pledged financial support to it.
But there are a few issues that need to be addressed so that the vision and approach behind Aadhaar remain clear and it can achieve its targets within the set timeframe. On the controversy around the duplication of work issue, the Cabinet Committee on UID is supposed to meet very soon to clear the air.
To understand the issues at hand, it is important to go into the heart of the confusion. In its mandate, the Authority has clearly laid down how it would build the required technical infrastructure and network to support the enrolment process and generate and distribute the UID numbers. The Authority plans to leverage the existing infrastructure (both in the government and private sector) and also act as a regulatory authority. It will manage the Central Identities Data Repository (CIDR), which will issue the UID numbers, update residents’ information and authenticate identity of residents.
In the process, the Authority will involve multiple registrars to facilitate the enrolment process and interact with the residents. About 50 registrars — mostly state governments, Life Insurance Corporation of India, banks, oil companies and the National Population Registry — have started doing this job of collecting demographic information and biometric details (photo, fingerprints and iris of all residents over the age five years).
The trouble started with the NPR doubting the authenticity of the data being collected by the registrars, forgetting that much of such data is being collected by government agencies and employees who are also NPR’s foot-soldiers. In fact, in March, the Authority and the Registry signed a Memorandum of Understanding on how they can work together. To avoid any duplication, they decided to follow this procedure: the Registry after collecting its data would send them to the Authority and the latter would then de-duplicate and generate an Aadhaar number.
But there is another problem: other registrars have already started enrolling residents and there would be a huge database of duplicate information. So what can be done about these since the costs of collecting biometric data (particularly iris) is high. According to some estimates, these duplicate databases could cost the government more than a couple of thousand of crores of rupees.
The question remains that since it was well known that the NPR would be generated around the Census 2011, why was it not aligned to the Authority’s registry selection process? In fact, the other registrars should have been given a specific mandate or NPR should have been mandated to use the database of the other registrars of the Authority.
Both these projects have advantages and disadvantages. But now it is important to take a decision on these problems since the next 500 million in the current phase and the remaining 600 million will cover the total population of India. The duplication around the issuance of identity cards should be addressed at this stage. Moreover, there should be an effort to make both processes homologous since there are now discussions that Aadhaar numbers will be printed on identity cards and the NPR respondents will also receive this in the same format.
Further, a midcourse review of the security and confidentiality systems governing such a massive central registry and the registrars’ databases must be made to ensure that the systems are hacker-proof.
Since the online authentication will be done on a massive scale, it will be wise to evaluate the robustness of the technology, its scalability and the resilience of the infrastructure. It is only when the security and sustainability of the project is verified, can it give other countries a chance of exploring the possibility of implementing such a scheme.
However, at this point, it is most important to save the taxpayers’ money from being spent unwisely and strengthen the Authority to accomplish its mission.
Subimal Bhattacharjee heads a multinational defence corporation and writes on issues of technology and security
The views expressed by the author are personal