While government aims to assign unique numbers to a billion plus population for providing a portable identity and eliminating of ghosts from databases, it has spurred a public debate on the potential misuse of UID leading to infringement of individual privacy and liberty and data security
By Pratap Vikram Singh, e-Gov Bureau
As it is frequently quoted and known, if one goes to get a driver’s license, one must have a ration card, and to get a ration card one must have a birth certificate. Although the need for a standard identification proof is a common concern shared by most of the Indians, the situation is grim when it is related to identification of an individual residing in rural India. Courtesy the economic policy of the government and fairly genuine know your customer (KYC) norms of the banking sector, nearly eighty percent of the population, mostly residing in the country side, is estimated to be out of any formal banking and financial coverage.
Delivery of essential government to citizen services, especially the welfare and targeted programmes, meant for the lowest income group, is also marred with inefficiency and leakages. Subsequently, these very welfare programmes, which are operational under the inclusive agenda of the government, have become exclusionary. In addition, poor policy design and faulty databases make their contribution in bits and pieces in depriving the genuine beneficiaries of the proposed benefits and leaking out into the hands of people, falling in the above poverty line category.
To resolve the issue of precise targeting of the deserving beneficiaries and fixing of the decades- old leakages, government has set up Unique Identification Authority of India (UIDAI), chaired by Nandan Nilekani for building a national citizen database, leveraging information technology (IT) and biometrics identity system, by assigning unique identification number —‘Aadhaar’ as UIDAI calls it—to every resident inside the Indian territorial boundary. It intends to, in the words of Nilekani, ‘get rid of our phantoms’, eliminate the duplicate identities and ghost beneficiaries resting in several government databases, resulting in savings to the exchequer and promulgating ‘inclusion’ through effective targeting of the beneficiaries.
However, parallel to the UID advocacy, there are several concerns arising out of UID project. Several civil society organisations (CSO), rights activists and organisations working on ICT for development domain are all pointing out the challenges in integration of UID with the social sector schemes like Mahatma Gandhi National Rural Employment Guarantee (MGNREG) programme and Public Distribution System (PDS), among others, and questioning its projected effi- cacy in facilitating inclusion. Moreover, there is a huge uproar on issues of infringement of individual privacy and liberty arising out of an increased possibility of tracking and profiling of citizens by the state (the government) with the help of UID—the common thread interlinking various databases within the government. UID, has one more time, spurred the public debate on drawing of the thin-line between individual liberty and privacy and national security. The drifting understanding on technology solutions, being a replacement for good policy, rather an enabler, and pushing citizens into the technological complexities and dependence, is another argument which is being debated in India, as the government plans to go ahead with creating world’s largest citizen database, without much parliamentary debate and public consultation.
The genesis of a national identification project goes back to the year 1999. The government commissioned a Kargil Review Committee, appointed in the wake of the Kargil War, in 1999, which submitted its report the next year, and was referred to in the report of Inter Ministerial Group on Reforming the National Security System. The report said: “There should be compulsory registration of citizens and non-citizens living in India… All citizens should be given a Multi-Purpose National Identity Card (MNIC) and non-citizens should be issued identity cards of a different colour and design.” Later, in 2003, the Government of India gave approval for assigning MNIC at national scale to each resident. However, in 2006, the Planning Commission conceived a similar initiative, which aimed to provide unique identity number for each resident across the country, which would be used primarily as the basis for efficient delivery of welfare services.
Eventually, the government decided to collate the two parallely running programmes of the time—the National Population Register under the Citizenship Act, 1955 and the Unique Identification Number project of the Department of Information Technology, with the forming of empowered group of ministers (EGoM) to look into the feasibility of rolling out unique identifi- cation numbers to the residents.
On January 28, 2009, the Unique Identification Authority of India was constituted and notified by the Planning Commission as an attached office under the aegis of Planning Commission. Nilekani, the co-founder of the second largest Bangalore based Indian IT power house, Infosys was appointed as Chairman by the Prime Minister of India. The UIDAI aims to offer a strong form of online authentication, where agencies can compare demographic and biometric information of the resident with the record stored in the central database.
UIDAI is working on the principle that ‘inability to prove identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies’. In theory, UID is believed to reform the service delivery mechanism in the country through its integration with the social sector schemes like PDS, MGNREG, among others. The Identification Authority avers that the amount of money that could be saved from pilferage in these development programmes could be in the volume of tens of thousands of crores.
Currently, the Authority is working on ‘defining the usage of the number’ across critical applications and services. PDS, MGNREGS, Education, Public Health and Financial Inclusion, inter alia are few such applications. The Authority proposes that using Aadhaar solely for identification would enable clear targeting of PDS beneficiaries, the inclusion of marginal groups, and expanded coverage of the poor through the elimination of fakes and duplicates.
The government intends to make a shift in the way PDS services are being delivered from a static, supply-led approach to a demandled and dynamic approach, one which gives ‘power and choice to the beneficiary’. It has been pointed out that the number would help residents collect entitlements from any fair price shop (FPS) within the state. Government would then replenish FPS stocks based on authentication-linked off-take.
Needless to say that using Aadhaar in identification of beneficiaries in PDS databases will eliminate duplicate and fake beneficiaries from the rolls, and make identification for entitlements far more effective.
On UID application in MGNREG, the Authority proposes its integration with job cards, muster rolls, bank account and transaction authentication. UIDAI’s Working Paper on UID application on MGNREG elaborates that the UID can fully replace the need to provide supporting documentation for the standard KYC, which will make opening a bank account significantly simpler.
The paper puts forth role of UID in preventing ‘theft from beneficiaries and taxpayers’. It says that UID authentication at the site of work could ensure a match between the hours claimed by the workers and the official supervising the site. Similarly, the over-reporting on amount of work done, could be corroborated against the wages paid to the beneficiaries, ‘establishing the execution of the project’.
“The Aadhaar number can be employed in multiple applications, including the PDS and NREGS, and in banking for the poor. While Aadhaar cannot be a panacea for all the challenges which programmes such as the PDS or MNREGS currently face, Aadhaar can be leveraged at various points in these programmes to improve the delivery systems by making them more transparent, convenient and cost-effective,” R S Sharma, Director General and Mission Director, Unique Identification Authority of India said.
He added: “The proposed authentication infrastructure of Aadhaar which will enable a resident to authenticate his/her identity will be able to bring about the accountability and transparency at the final delivery point and enforce the no-transferability of entitlements in various programs.”
UID would facilitate financial inclusion in a bigger manner. While enabling banking cover to the rural population, linkage with UID would facilitate electronic micro transactions, very typical of the economic culture prevailing in villages. Direct cash transfer, on the place of subsidy, could be facilitated much easily with linking UID to individual’s bank account. Providing a unique identification to all the residents, especially the BPL population would make them eligible for receiving direct cash transfer, without any intermediary intervention.
Ashish Sanyal, former Senior Director, Department of IT said, “In my opinion UID is the first correct step towards realisation of so-called Connected Government or Joined-up Government.” He opined, “It is happening at a very suitable time also, because, through implementation of National e-Governance Plan, government is heading fast towards such a requirement, in order to derive maximum benefits from some flagship schemes/programmes planned under NeGP for country-wide roll-out.”
Moreover, security is yet another major application area where UID aims to make a difference. UID proponents say that in a single identity paradigm, the surveillance and monitoring of people would be far easier. The security agencies will be able to track the movements of people with relative ease. Integration of the databases with help of UID is poised to transform the way information and intelligence is gathered by the security agencies.
Providing a cop’s perspective, T Krishna Prasad, Additional Director General of Police, Andhra Pradesh said, “UID would be of particular significance in crime prevention and detection, making identification of the person in dock much easier.”
R S Praveen Kumar, Joint Commissioner of Police, Hyderabad said, “In the existing situation, our databases of all departments are not integrated. While we search for the criminals and offenders, the veracity of the person is a big question mark. With UID and the networking of servers, across departments, we will be able to see banking history, travel history, health history of the person and zeroing in on the real culprit would be far much easier.”
Purushottam Sharma, Inspector General of Police (IGP), Head, State Crime Records Bureau (SCRB), Madhya Pradesh informed:“If Government of India permits the police and other security agencies to utilise this UIDAI database – in future which I strongly believe that it will be granted- it will be much benefi- cial in tracking of criminals and absconders.”
As per UIDAI’s understanding the inability to prove identity is one of the biggest barriers preventing the poor from accessing benefits and subsidies. However, this very principle is being debated by many civil society organisations (CSO) working closely at the grassroots level.
Though some of the CSOs agree to the fact that lack of identity proof may be one of the reasons behind poor state of service delivery and source of exclusion, they point out towards the quid pro quo among the politicians, administrators and local middle men and contractors, flaws in policy design, and poor categorisation of BPL and APL as the real source of denial of services to the poor.
Commenting on this proposition of UIDAI, Sunil Abraham, Executive Director, Centre for Internet and Society said: “Instead it is the lack of transparency in the benefits and subsidies system. Corruption monitoring, systemic transparency and accountability – via right to information- and decentralised public participation is the key to providing access to benefits and subsidies.” Right activists are of the view that the pilferage of `20,000 crore is not because poor people are defrauding each other. This scale of fraud is possible because many rich and powerful people are involved and there is collusion by government officials.
As per the concerns raised by the civil society, although a cost benefit analysis is yet to be done on UID project, a comparison between scope of UID application in service delivery and its cost show that the cost outweighs benefits, given the limited role of UID in fixing the loopholes in the social sector schemes, which are primarily due to flaws in policies and processes.
United Kingdom in 2005 introduced an Identity Cards Bill in the Parliament, primarily meant for ‘combating terrorism, reducing crime and illegal working, reducing fraud and strengthening national security’. However, the bill faced strong opposition from all sections of society, led by researchers and academia, in face of issues arising out of data protection and privacy concerns. In an assessment report, the department of information systems of London School of Economics said: “The proposals are too complex, technically unsafe, overly prescriptive and lack a foundation of public trust and confidence.”
Pointing that proposal missed key opportunities to establish a secure, trusted and costeffective identity system, the report put forth consideration of alternative models for an identity card scheme that may achieve the goals of the legislation more effectively. While providing cost estimation, LSE reported that the likely cost of the ten-year rollout of the proposed identity cards scheme could be between £10.6 billion and £19.2 billion, with a median of £14.5 billion, substantially higher that the projected cost of the project by the government.
On UID, while UIDAI has informed that the cost for each enrollment is approximately INR150, there has been no public disclosure on the over all, long term cost of the UID project.
Privacy, Security and orwellian state
Privacy of the residents’ data is another major concern. Use of UID to track citizens’ lives will go a long way in encroaching civil liberties. Besides, India doesn’t have a stringent privacy law, as is the case in the US and other European countries, which has a national citizen database. UID being the common denominator in all the databases, mining information from databases of the government and market agencies would fetch complete information on personal details about travel, health, communications and banking history of an individual. “The actual objective of UID seems to track large numbers of people, which fundamentally undermines citizens’ civil liberties,” Roy said. Given the quid pro quo between the politicians, bureaucrats, police, local administrators and contractors, there is a high possibility of this enormous information being used against innocent citizens.
Data security of the central UID repository is yet another concern, which assumes even greater proportions given the fact that the existing legislative framework doesn’t address these issues. Legal experts are of the view that in face of 26/11 Mumbai attacks, the government through Information Technology (Amendment) Act, 2008, have acquired huge unprecedented powers for protecting national security and for interception, monitoring, decryption and blocking of electronic data and information transmitted through computers, computer systems, computer networks, computer resources and communication devices within India. However, there has been little or no action on ensuring data security and individual privacy for the citizens.
Voicing his concern, Pawan Duggal, Lawyer, Supreme Court of India said that despite the amendment of Information Technology Act, 2000, there is not enough provisions therein relating to individual privacy and data security. India also does not have any dedicated legislation on privacy and data security.
While having an optimistic view that the UID project would not lead to an Orwellian state, Purushottam Sharma also pointed out to the imperative of having stringent legislative mechanism to ensure privacy and data security. He said: “The Government of India has to work on a [legislative] framework to ensure the security of database and has to decide who can access this UID database.”
The creation of national citizen database is a right move in the direction of providing standard identification to all the residents, besides leveraging it for providing the financial cover to 80 % of the population. Moreover, it could also expedite the process of identification and prevention of criminal and crime, respectively, making the task of security agencies far more easier. It would lead to objectivising and catalysing the prosecution process.
However, the thin-line between individual liberty, privacy and national security must not be blurred. “There is a need to draw a clear line between concerns regarding national security and safeguarding individual privacy,” Praveen Kumar opined. The government has the onus of devising objective, transparent mechanism so that the transactional data, with a linkage to UID, would not be misused by the people sitting at the helms of affair for profiling, tracking and harassment of innocents. Some of the best bureaucrats and cops, noted for their integrity and impeccable public career, share the concerns about the vulnerability of misuse of data against the innocent residents – the aam aadmi- in the country.
Pointing towards need for a transparent institutional mechanisms defining the use of UID in individual tracking and profiling, Krishna Prasad said, “Cases of phone tapping have been happening all the time. Post UID, it will be tracking of individual lifestyle and movements. You can’t stop it, as long as you don’t have those transparent institutional mechanisms to deal with these issues.” It is an imperative in the part of the government to devise stringent legislations which may safeguard individual privacy and liberty.
There is an urgent crying need to come up with appropriate checks and balances in this regard. “The government needs to do quite a lot in terms of addressing the various legal policy and regulatory issues pertaining to UID in India, before implementing and launching it in a big way in India,” Duggal affirmed