Identity concerns

The Unique Identification number, symbolic of the new and modern India, is of questionable legality and viability.

In the Indira years, the slogan was garibi hatao'. In the 1970s and 1980s, people's aspirations had focussed on basic essentials roti, kapda, aur makaan. Since the reforms in the 1990s, the emphasis moved to bijli, sadak and paani. In recent years, as growth has accelerated and access to basic infrastructure has improved further, aspirations among the poor have shifted again. Today, it's all virtual things it's about UID number, mobile phone and bank account. With that, they can access services, benefits and their rights. We are looking at a post-Aadhaar world.

MODERN India, it would appear, has finally found the missing link in its superpower story. Having ensured that all its poor had access to roti, kapda aur makaan by the 1980s, and bijli, sadak, paani by the 1990s, it is surging ahead to meet the new and rising aspirations of its poor. The foundations of this surge are being laid with the Unique Identification (UID) number, or Aadhaar, which is also the key to the three virtual things. For Prime Minister Manmohan Singh, Aadhaar is symbolic of the new and modern India. For Rahul Gandhi, Aadhaar is the key to bridging the two Indias, where you take some from the India of opportunity and put them into the India without opportunity.

Business leaders and the pink press are gaga over the spin-offs. According to one analysis, Aadhaar links private-sector businesses to India's poor in an unprecedented manner; another is titled: UID: The Biggest Business Opportunity since Liberalisation; and yet another quotes the managing director of a software giant thus: UID gives us a business opportunity to prosper in this digital world.

The total cost of the project is estimated at over Rs.50,000 crore. A business newspaper reveals that for every rupee of IT spend on the project around 60 per cent will go to hardware vendors. One consultancy giant estimated that within five years into that post-Aadhaar world, India would see a first wave of investments totalling $10 billion. From then on, potential is $12 billion a year.

There is no other government project that has kicked up such frenzy in recent times. However, in the midst of this frenzy, myriads of questions are begging for answers. While there are people asking these questions, there are also those tired old ways of dismissing them. Brand them as jholawalas or lefties or anti-technology guys or those who broke computers in the [19]80s. The more lenient of the brandings would be civil libertarians or privacy activists. Whatever they be branded, one thing in common is that none of their questions has received a satisfactory answer yet.

One place to ask questions in a democracy is Parliament; however, about six crore Aadhaar numbers have been issued even before Parliament has taken up the matter for legislative discussion.

Frontline was the first to publish a critical article on UID in 2009, which raised a set of questions to the government (High-cost, High-risk, August 14, 2009). More than two years later, most of those questions remain unanswered.

The REAL INTENT: SECURITY OR DEVELOPMENT? The Genesis

An important question regarding Aadhaar is how it will be used. Aadhaar is connected closely with the National Population Register (NPR) of the Union Home Ministry. The NPR is a child of the Kargil War. Following the reports of the Kargil Review Committee in 2000, and a Group of Ministers in 2001, the National Democratic Alliance (NDA) government decided to register compulsorily all citizens into an NPR and issue each a Multi-purpose National Identity Card (MNIC). Officially, the NPR is aimed at preventing illegal migration. For this purpose, the Citizenship Act of 1955 was amended and new Citizenship Rules were released in 2003.

As per Rule 7(3) in the 2003 Rules, It shall be the responsibility of every citizen to register once with the Local Registrar of Citizen Registration and to provide correct individual particulars. Rule 3(3) states that information on every citizen in the NPR should compulsorily have his/her National Identity Number. Still further, Rule 17 states that any violation of provisions of rules 5, 7, 8, 10, 11 and 14 shall be punishable with fine which may extend to one thousand rupees.

While registration to the NPR was compulsory and a National Identity Number was linked to each name, the 2003 Rules did not approve of linking biometrics with personal information. If we analyse the annual reports of the Home Ministry, the sections on the MNIC pilot project do not refer to biometric data until 2004-05. In 2005-06, the first mention of biometric data appears. The report noted: Data entry work for all the 30.96 lakh records and integration of photographs and finger biometrics of 17.2 lakh out of 20.6 lakh has been completed. Just how biometrics got included in the NPR without sanction from the 2003 Rules remains a mystery.

With the introduction of biometrics into the NPR, the Home Ministry required technical expertise. The establishment of the Unique Identification Authority of India (UIDAI) in 2008 was partly to meet this requirement. If doubts remained, Home Minister P. Chidambaram clarified in 2009 that MNIC has to be issued to every citizen, for which the government has decided to set up a UID authority. The Home Ministry's annual report for 2008-09 went a step ahead and stated: After the NPR is created, it will engulf the UID database, being far more comprehensive, and will become the mother database for identity purposes.

The Home Ministry's plan was the following. To quote from the Census of India website: Data collected in the NPR will be subjected to de-duplication by the UIDAI. After de-duplication, the UIDAI will issue a UID Number. This UID Number will be part of the NPR and the NPR Cards will bear this UID Number. No prizes for guessing that Aadhaar is already compulsory. In the UIDAI parlance, the NPR is a killer application. A killer application is one that so leverages Aadhaar that every citizen is forced to get an Aadhaar number.

When the ownership of a mother database of citizens, including their biometrics, lies with the Home Ministry, there are reasons to worry. There is always the problem of functionality creep, where data collected serves purposes other than its original intent. There are many ways in which the state can use such a database against its own citizens. The database could be used to persecute marginalised sections of the population. The police and the security forces, if allowed access to the biometric database, could use it extensively for regular surveillance and investigative purposes. This can lead to a large number of human rights violations. Given that fingerprint matching is not error-free, such policing may further exacerbate human rights violations. A democratic society has to guard against such possibilities.

While the UIDAI was established to supply UID numbers to the NPR, the onus of data collection was with the Registrar General of India (RGI) under the Home Ministry. However, as an initial step, the UIDAI was allowed to enrol 200 million persons. It began this process by signing memorandums of understanding (MoUs) with registrars, who enrolled people either directly or through other agencies; the RGI was one of these registrars.

First, duplication of resources and work was built into this plan. There was one set of people whose data were collected by the RGI (Group 1) and another whose data were collected by non-RGI Registrars (Group 2). But data for Group 2 could not be given to the RGI to be added to the NPR; the MoU signed between the RGI and the UIDAI did not allow for this. The MoU allowed transfer of information only for Group 1.

In other words, within the UIDAI's 200-million persons, duplication and wastage was already built in. Persons in Group 2 now have to enrol again at an RGI centre. Not surprisingly, officials of the Comptroller and Auditor General (CAG) of India have made a quiet trip to the UIDAI office for an audit.

Secondly, if duplication is allowed to cross the 200 million mark, a major section of the population would have to enrol twice. This is the reason why the Home Ministry is now trying to recapture the responsibilities of enrolment. On its part, the UIDAI wants to continue with the old plan; whether the Cabinet will allow it is not clear yet.

Another important concern is the project's potential to violate people's right to privacy. In most Western countries, projects to issue ID cards were shelved because of strong privacy concerns and adverse public opinion (see interview with Dr Edgar Whitley on page 29).

Is privacy a Western concept that does not apply to eastern societies like India, where community-based life predominates? Such a question is regularly raised in debates on Aadhaar. What this question ignores is that the right to privacy has the status of a shared global value (see A.G. Noorani's article on page 13). While the nature of notions around privacy differs across countries, every country has a temporally dynamic notion of privacy built into its culture. In other words, an interest in self-governed choice is not a by-product of Western individualism.

Martha Nussbaum, the renowned philosopher, has criticised the argument that privacy is a notion without value in India (see Is Privacy Bad for Women?, Boston Review, April/May, 2000). She writes that if the history of India is any guide, it only shows that India draws certain concrete lines in different places than does America. She further argues that if we consider the general meanings of privacy' typically acknowledged as most salient in American discussions, India also marks each of the notions as salient, and ascribes value to protecting the concerns that fall under them.

To argue her point out, Nussbaum cites three cases. First, just as in the U.S., Indian people recognise that certain types of information about oneself are privileged, and that it is bad for outsiders to publicise them without consent. Secondly, she argues that in India, as in the U.S., there is a deep concern for keeping certain parts of the body, and certain bodily acts, hidden from the sight of others and also a more general concern that, whatever one is doing, one should not be watched without one's consent. Thirdly, there is a strong interest in decisional autonomy or liberty in certain areas especially definitive of the person. All these lessons, Nussbaum says, are from among the most ancient and deeply traditional concerns of both Hindu and Muslim cultures.

It is clear then that privacy can be viewed as a globally valued right, entitlement and freedom. We can also work within the framework of individual freedoms elaborated by Amartya Sen. In Sen's framework, every freedom can have intrinsic and instrumental values. In the intrinsic sense, privacy enriches the lives of people in a substantive way and thus is constitutive of development. In the instrumental sense, privacy can be seen as contributing to other individual freedoms and socio-economic progress. It is from this standpoint that Sen has argued against consequence-independent absolute rights. Thus, the demand to trade-off one freedom for another (say, the invasive loss of privacy for development) is an untenable demand.

It is disturbing then that privacy concerns are not discussed in any document of the government or the UIDAI. On the contrary, discussions around Aadhaar have involved open calls for sharing personal information with private companies. From 2006 onwards, there was a scheme titled Unique ID for BPL families, implemented by the Department of Information and Technology. While critics trace the origin of the UIDAI to the MNIC project, the UIDAI itself traces its origin to this scheme. In 2006, a working group of the Planning Commission examined the possibilities of improving upon this scheme and introducing smart cards linked to unique IDs of citizens. The working group report noted that:

[U]nique ID could form the fulcrum around which all other smart card applications and e-governance initiatives would revolve. This could also form the basis of a public-private-partnership wherein unique ID-based data can be outsourced to other users, who would, in turn, build up their smart card-based applications. In the context of the unique ID, part of this database could be shared with even purely private smart card initiatives such as private banking/financial services on a pay-as-you-use principle.

The callousness that this report displays in sharing personal information with private companies is astonishing. In India, one major threat to privacy arises from here: the promotion of private players in the provision of social services, such as education, insurance and health (see Mohan Rao's article on page 19). With the privatisation of social services, personal data would be transformed into commodities in the market for Aadhaar numbers. In such a context, promises to introduce privacy laws become weak tools to gain the trust of citizens.

Among the technological features of Aadhaar, the collection of biometrics is most significant. Apart from biometrics, there is no systemic check to prevent identity theft. While there is agreement among biometric and legal experts regarding critical drawbacks of biometrics in proving identity beyond doubt, the Aadhaar project demonstrates extraordinary levels of faith in the infallibility of biometrics.

First, no accurate information exists on whether errors of fingerprint matching are negligible or non-existent. A small percentage of users would always be either falsely matched or not matched at all.

Secondly, a report from 4G Identity Solutions, a supplier and consultant for the UIDAI, recognises that people above 60 years and children below 12 years have difficulties in enrolling with fingerprints. Fingerprints of manual labourers are likely to be broken or eroded, apart from accidental damages to fingers from burns, chemicals, and other agents. Owing to such bad or noisy data, the failure to enrol is as high as 15 per cent in India; this involves a minimum of 180 million persons. If fingerprint readers are installed at MGNREGS work sites and PDS outlets, and employment or purchases are made contingent on authentication, about 180 million persons will be excluded from accessing these schemes.

Many of the misgivings with regard to biometrics were reaffirmed by the UIDAI's Biometrics Standards Committee. This committee conducted a sample study of 25,000 persons. Even in such a small sample, 2 to 5 per cent of the respondents did not have biometric records. Error rates increased by 2 to 3 per cent when the software was untuned to local conditions. The report also noted that sensors would not usually capture fingerprints accurately when women apply mehendi on their fingers.

For iris images, the report did not provide estimates of error because of the absence of empirical Indian data. It recommended that iris images should be used only if they [UIDAI] feel it is required. The Proof of Concept (PoC) study of the UIDAI also does not inspire confidence regarding the potential of biometrics to work in large populations (see R. Ramachandran's article on page 25).

However, despite adverse technical reports, the UIDAI decided to proceed with the collection of fingerprints and iris images for the entire population. Given that the total project cost is over Rs.50,000 crore, it is but natural that hard questions are asked on these spending decisions.

We have to rework the system. If we simply introduce UID without re-engineering the system, it wouldn't work, said Montek Singh Ahluwalia, Deputy Chairman of the Planning Commission, in September. He is right. Aadhaar would drastically reform the architecture of welfare provisions and qualitatively restructure the state's role in the social sector (see articles on PDS (page 16), MGNREGS (page 122) and health (page 19)). This policy has two elements, both of which are constitutive of neoliberal policy in India.

The first is a shift from universalism to targeting. Aadhaar is not intended to expand social service provisions. Its aim is to keep benefits restricted to targeted sections, ensure targeting with precision, and thus limit the government's fiscal commitments. As Manmohan Singh stated in July 2010: To reduce our fiscal deficit in the coming years, we must [be] reducing the scale of untargeted subsidies. The operationalisation of the Unique Identification Number Scheme provides an opportunity to target subsidies effectively.

The second is a shift from direct provision to indirect provision of social and economic services. Here, existing institutions of direct intervention are dismantled and replaced by new institutions of indirect provision. Aadhaar, as claimed, is not a tool of empowerment; it is actually an alibi for the state to leave the citizen unmarked in the market for social services.

A key premise for Aadhaar is that inability to prove identity is a barrier that prevents the poor from accessing services. It is true that the lack of identity prevents a large number of poor from, say, getting a ration card or opening a bank account. Will Aadhaar be sufficient proof of identity to access these services? Will Aadhaar do away with the need to present other documents for proving identity? In all probability, the answers are in the negative.

For instance, the UIDAI claims that the Reserve Bank of India (RBI) has made Aadhaar a valid identity proof for opening a bank account. It also claims that this step would lead to rapid growth of financial inclusion. How accurate are these two claims?

Indeed, through a gazette in November 2010, the government added the letter from the UIDAI, with the Aadhaar number, to the list of documents that may be accepted as proof of identification. However, in a circular, dated September 28, 2011, the RBI clarified: It is reiterated that while opening accounts based on Aadhaar also, banks must satisfy themselves about the current address of the customer by obtaining required proof of the same as per extant instructions. In other words, even with an Aadhaar number, banks would continue to demand other valid documents.

Despite the phenomenal spread of public banking in rural areas after 1969, a large section of the Indian people remain unbanked. One of the reasons is that many of the successes achieved between 1969 and 1991 were reversed by the financial liberalisation policies after 1991. For instance, a large number of rural bank branches were closed down in the 1990s and early 2000s. In any meaningful financial inclusion policy, opening of new rural bank branches has to be a priority. However, the government has other plans. For the government, the earlier brick-and-mortar model of rural banking is pass. The preferred option is to encourage branchless banking, and this is where Aadhaar becomes important.

In a working paper on financial inclusion, the UIDAI notes that taking banking to rural areas is an expensive proposition. Hence, opening rural branches becomes a social responsibility rather than a business opportunity. It suggests that Aadhaar can usher in an era of ubiquitous branchless banking. Instead of opening rural branches, the bank may simply appoint business correspondents (B.C.), who, with the help of hand-held biometric devices, perform banking functions. To promote the B.C. model, the RBI has already permitted the appointment of for-profit companies as B.Cs. The size of the B.C. market was recently estimated at Rs.3,000 crore. Just by routing MGNREGS wages, the B.Cs are likely to earn up to Rs.600 crore a year as commission.

The B.C. model has already triggered adverse outcomes in rural areas. On March 18, 2011, an internal circular of the State Bank of India noted that B.Cs were found to indulge in malpractices, such as asking for unauthorised money, over and above the bank's approved rates of charges from the customers. It noted that gullible customers are being exploited, posing serious risk to the bank's reputation. During discussions with a leading bank union, I was told that B.Cs regularly extracted Rs.100 to 150 per gold loan in many south Indian districts. One newspaper recently quoted a B.C. employee in Punjab thus: 75 per cent of B.C. agents are village sarpanchs or their kin.

To conclude, a project of the size and cost of Aadhaar should not be pursued without wider discussions among the public and in Parliament. Such projects should inspire public trust and confidence. However, the undue haste displayed by the proponents of the project raises many questions. The sad part of the story is that there are no satisfactory answers.

R. Ramakumar is Associate Professor at the Tata Institute of Social Sciences, Mumbai.