India's ambitious Unique Identification Card (UID) project is expected to improve security once it is issued to all citizens in the country. Unique Identification Authority of India’s (UIDAI) task is to create the world’s largest biometric database. To collect pictures and fingerprints of 1.2 billion people is a huge task that will go on for years.
About 600 million people, or half of India's population are likely to get “Unique Identification Numbers (UIN)” within the next five years, as per UIDAI. This will sync all the different aspects of Indian Citizens, like passports, ration cards, pan cards (for permanent account number, required for financial transactions in India) and the like. This project is expected to be a turning point for India’s automation and e-governance efforts.
The Government of India has already approved the proposal to use multi-application smart cards with UIDs for citizens to facilitate easy verification and access to government or private services, while also helping welfare programs reach intended beneficiaries, and serving as a basis for e-Governance.
UID will contain details including name, gender, address, marital status, photo, identification mark and finger biometrics by 2011. The UIN will be based on a sophisticated application called Smart Card Operating System for Transport Applications (SCOSTA), a secured electronic device that is used for keeping data and other information in a way that only authorized persons can view it. It can be used as a voter I-card or as proof for opening a bank account, among other things.
The Empowered Group of Ministers (EGOM) headed by the External Affairs Minister Pranab Mukherji has approved the setting up of a UID Authority for this purpose.
Many countries have either a card or a number as national identity—such as the U.S. Social Security Number for citizens, China and Hong Kong with ID cards, and South Korea with a 13-digit ID number—but India is the first country to begin a biometrics-based, multi-purpose ID number verifiable online on such a grand scale.
Security concerns
However, the National Informatics Centre (NIC) has raised concerns over privacy and security of the proposed UID database. NIC states, “It has been proposed to hire the data centre services for PoC (proof-of-concept) and prototype on rental basis. It is presumed that the data related to UID will be hosted in a government Data Centre. If not, the issues related to privacy and security with respect to UID data may require to be taken into consideration.”
Secrecy fears over the UID project blazed up after its confidential working paper was leaked onto the Internet. Titled “Creating a Unique Identity Number for Every Resident in India,” the leaked document reveals in-depth details about the government project to reach 1.2 billion citizens—an undertaking on a scale never tried before in the world.
As with centralized citizen ID programs in other countries, critics fear the $4 billion project threatens privacy, as well as being vulnerable to hackers, crooks and governmental misuse. They call the leaked document a sign of security risks to come.
Whether the UID will solve problems or become a problem, global information technology companies seem to think it will be profitable. Google, IBM, Microsoft, Yahoo and India’s own Tata Consultancy Services and Infosys are lobbying the government for slices of the pie. Yahoo chief executive officer Carol Bartz has recently met Prime Minister Manmohan Singh, fishing for her company’s involvement in the project.
Dr. Nandan Nilekani, chairman of the UIDAI who was the ex-chief executive officer and co-founder of Infosys, holds the view that the UID number will be useful in improving security once it is issued to all citizens in the country.
Nandan, 54, among the 100 most influential people in the world in Time magazine’s 2006 list, has his work cut out in a project whose scale he says is 10 times larger than anything similar elsewhere in the world. He estimates needing thousands of servers to verify billions of sets of biometric data for hundreds of thousands of requests every second.
PAN/UID link
Banking heavily on the use of biometrics, the Indian government has announced plans to link the ten-digit Permanent Account Number (PAN) and the 16-digit UID Number.
The decision is coming following lengthy talks between the Finance Ministry, which is overseeing the creation and distribution of the PAN cards, and the UIDI. “We are having discussions with the finance ministry. Both projects will be using biometrics, so it is a good choice,” the UIDAI chairman said.
Under the proposal, the PAN card infrastructure will be used by the UIDAI for data collection and enrollment of citizens. Further, the UID number will be embedded in new PAN cards, while earlier PAN cardholders will be sent a letter with their UID number.
For the Biometric PAN cards, tax authorities were planning to capture the fingerprints of four fingers of an individual—two from each hand; along with the face (with the eyes fully visible), the UIDI is expected to use only fingerprints.
Seven firms including Infosys, HCL, Tata Consultancy Services and its subsidiary CMC and Electronics Corporation of India Ltd, ITI and Bharat Electronics were shortlisted for the project.
In the initial years, the department plans to issue biometric PAN cards to new applicants and those seeking a re-issue. It would be extended to existing cardholders later. Nilekani has said that once all new applicants move to the UID-backed platform, existing PAN card holders can be given a specific timeframe of say, two years, to migrate.
The UID partners would be public and private service providers such as banks, insurance companies, hotels, airlines and other business. After registering with the UIDAI and making their computer systems compatible, business establishments can receive online confirmation of their customers’ UID number in a “yes” or “no” format.
Uday Lal Pai, [email protected], is a freelance journalist based in India.